/**
 *
 */
import Util;
import OpenApi;
import OpenApiUtil;
import EndpointUtil;

extends OpenApi;


init(config: OpenApi.Config){
  super(config);
  @endpointRule = 'regional';
  
  checkConfig(config);
  @endpoint = getEndpoint('cloudsso', @regionId, @endpointRule, @network, @suffix, @endpointMap, @endpoint);
}

function getEndpoint(productId: string, regionId: string, endpointRule: string, network: string, suffix: string, endpointMap: map[string]string, endpoint: string) throws: string{
  if (!Util.empty(endpoint)) {
    return endpoint;
  }
  
  if (!Util.isUnset(endpointMap) && !Util.empty(endpointMap[regionId])) {
    return endpointMap[regionId];
  }
  return EndpointUtil.getEndpointRules(productId, regionId, endpointRule, network, suffix);
}

model AddExternalSAMLIdPCertificateRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  x509Certificate?: string(name='X509Certificate', description='The X.509 certificate in the PEM format.

The certificate is provided by the SAML IdP.', example='MIIC8DCCAdigAwIBAgIQP9eomUYGeoND****'),
}

model AddExternalSAMLIdPCertificateResponseBody = {
  certificateId?: string(name='CertificateId', description='The ID of the SAML signing certificate.', example='idp-c-00wk2fb4foracls0****'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='12B3E332-DD16-515B-B695-39BA233AA172'),
}

model AddExternalSAMLIdPCertificateResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddExternalSAMLIdPCertificateResponseBody(name='body'),
}

/**
 * @summary Adds a Security Assertion Markup Language (SAML) signing certificate.
 *
 * @description You can add up to two SAML signing certificates.
 * This topic provides an example on how to add a SAML signing certificate to the directory `d-00fc2p61****`.
 *
 * @param request AddExternalSAMLIdPCertificateRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddExternalSAMLIdPCertificateResponse
 */
async function addExternalSAMLIdPCertificateWithOptions(request: AddExternalSAMLIdPCertificateRequest, runtime: Util.RuntimeOptions): AddExternalSAMLIdPCertificateResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.x509Certificate)) {
    query['X509Certificate'] = request.x509Certificate;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'AddExternalSAMLIdPCertificate',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds a Security Assertion Markup Language (SAML) signing certificate.
 *
 * @description You can add up to two SAML signing certificates.
 * This topic provides an example on how to add a SAML signing certificate to the directory `d-00fc2p61****`.
 *
 * @param request AddExternalSAMLIdPCertificateRequest
 * @return AddExternalSAMLIdPCertificateResponse
 */
async function addExternalSAMLIdPCertificate(request: AddExternalSAMLIdPCertificateRequest): AddExternalSAMLIdPCertificateResponse {
  var runtime = new Util.RuntimeOptions{};
  return addExternalSAMLIdPCertificateWithOptions(request, runtime);
}

model AddPermissionPolicyToAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  inlinePolicyDocument?: string(name='InlinePolicyDocument', description='The configurations of the inline policy.

The value can be up to 4,096 characters in length.

If you set `PermissionPolicyType` to `Inline`, you must specify this parameter. For more information about the syntax and structure of RAM policies, see [Policy syntax and structure](https://help.aliyun.com/document_detail/93739.html).', example='{"Statement": [{"Action": "*","Effect": "Allow","Resource": "*"}],"Version": "1"}'),
  permissionPolicyName?: string(name='PermissionPolicyName', description='The name of the policy.

*   If you set `PermissionPolicyType` to `System`, you must set this parameter to the name of the system policy. You can obtain the name of the system policy from RAM.
*   If you set `PermissionPolicyType` to `Inline`, you must set this parameter to the name of the inline policy. A custom value is supported.', example='AliyunECSFullAccess'),
  permissionPolicyType?: string(name='PermissionPolicyType', description='The type of the policy. Valid values:

*   System: system policy. Resource Access Management (RAM) system policies are reused.
*   Inline: inline policy. Inline policies are created based on the RAM policy syntax and structure.', example='System'),
}

model AddPermissionPolicyToAccessConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='B7C6E839-FB65-59BE-B753-003AA8AF7DF7'),
}

model AddPermissionPolicyToAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddPermissionPolicyToAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Adds a policy to an access configuration.
 *
 * @description This topic provides an example on how to add the system policy `AliyunECSFullAccess` to the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request AddPermissionPolicyToAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddPermissionPolicyToAccessConfigurationResponse
 */
async function addPermissionPolicyToAccessConfigurationWithOptions(request: AddPermissionPolicyToAccessConfigurationRequest, runtime: Util.RuntimeOptions): AddPermissionPolicyToAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.inlinePolicyDocument)) {
    query['InlinePolicyDocument'] = request.inlinePolicyDocument;
  }
  if (!Util.isUnset(request.permissionPolicyName)) {
    query['PermissionPolicyName'] = request.permissionPolicyName;
  }
  if (!Util.isUnset(request.permissionPolicyType)) {
    query['PermissionPolicyType'] = request.permissionPolicyType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'AddPermissionPolicyToAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds a policy to an access configuration.
 *
 * @description This topic provides an example on how to add the system policy `AliyunECSFullAccess` to the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request AddPermissionPolicyToAccessConfigurationRequest
 * @return AddPermissionPolicyToAccessConfigurationResponse
 */
async function addPermissionPolicyToAccessConfiguration(request: AddPermissionPolicyToAccessConfigurationRequest): AddPermissionPolicyToAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return addPermissionPolicyToAccessConfigurationWithOptions(request, runtime);
}

model AddUserToGroupRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model AddUserToGroupResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='F76AF4FC-25E4-5CF1-B7CB-74F3CB72F0F0'),
}

model AddUserToGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: AddUserToGroupResponseBody(name='body'),
}

/**
 * @summary Adds a user to a group.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot add a user to a group that is synchronized by using SCIM.
 * This topic provides an example of how to add the user `u-00q8wbq42wiltcrk****` to the group `g-00jqzghi2n3o5hkh****`.
 *
 * @param request AddUserToGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUserToGroupResponse
 */
async function addUserToGroupWithOptions(request: AddUserToGroupRequest, runtime: Util.RuntimeOptions): AddUserToGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'AddUserToGroup',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Adds a user to a group.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot add a user to a group that is synchronized by using SCIM.
 * This topic provides an example of how to add the user `u-00q8wbq42wiltcrk****` to the group `g-00jqzghi2n3o5hkh****`.
 *
 * @param request AddUserToGroupRequest
 * @return AddUserToGroupResponse
 */
async function addUserToGroup(request: AddUserToGroupRequest): AddUserToGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return addUserToGroupWithOptions(request, runtime);
}

model ClearExternalSAMLIdentityProviderRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model ClearExternalSAMLIdentityProviderResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='96D1E5FF-0301-5636-8D33-071E033CFB82'),
}

model ClearExternalSAMLIdentityProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ClearExternalSAMLIdentityProviderResponseBody(name='body'),
}

/**
 * @summary Clears the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).
 *
 * @description If single sign-on (SSO) logon is disabled, you can clear the configurations of a SAML IdP. If SSO logon is enabled, you cannot clear the configurations.
 * This topic provides an example on how to clear the configurations of the SAML IdP within the directory `d-00fc2p61****`.
 *
 * @param request ClearExternalSAMLIdentityProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ClearExternalSAMLIdentityProviderResponse
 */
async function clearExternalSAMLIdentityProviderWithOptions(request: ClearExternalSAMLIdentityProviderRequest, runtime: Util.RuntimeOptions): ClearExternalSAMLIdentityProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ClearExternalSAMLIdentityProvider',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Clears the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).
 *
 * @description If single sign-on (SSO) logon is disabled, you can clear the configurations of a SAML IdP. If SSO logon is enabled, you cannot clear the configurations.
 * This topic provides an example on how to clear the configurations of the SAML IdP within the directory `d-00fc2p61****`.
 *
 * @param request ClearExternalSAMLIdentityProviderRequest
 * @return ClearExternalSAMLIdentityProviderResponse
 */
async function clearExternalSAMLIdentityProvider(request: ClearExternalSAMLIdentityProviderRequest): ClearExternalSAMLIdentityProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return clearExternalSAMLIdentityProviderWithOptions(request, runtime);
}

model CreateAccessAssignmentRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity.

*   If you set `PrincipalType` to `User`, set `PrincipalId` to the ID of the CloudSSO user.
*   If you set `PrincipalType` to `Group`, set `PrincipalId` to the ID of the CloudSSO group.', example='u-00q8wbq42wiltcrk****'),
  principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. Valid values:

*   User
*   Group', example='User'),
  targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
  targetType?: string(name='TargetType', description='The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', example='RD-Account'),
}

model CreateAccessAssignmentResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='4726AA56-E138-5C99-85E4-F493536D042F'),
  task?: {
    accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
    accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
    principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity.', example='u-00q8wbq42wiltcrk****'),
    principalName?: string(name='PrincipalName', description='The name of the CloudSSO identity.', example='Alice'),
    principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. Valid values:

*   User
*   Group', example='User'),
    status?: string(name='Status', description='The task status. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='InProgress'),
    targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
    targetName?: string(name='TargetName', description='The name of the task object.', example='dev-test'),
    targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
    targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
    targetType?: string(name='TargetType', description='The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', example='RD-Account'),
    taskId?: string(name='TaskId', description='The ID of the job.', example='t-sh6tceylhvgejpip****'),
    taskType?: string(name='TaskType', description='The task type. The value is fixed as CreateAccessAssignment, which indicates that access permissions on an account in your resource directory are assigned.', example='CreateAccessAssignment'),
  }(name='Task', description='The queried task.'),
}

model CreateAccessAssignmentResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateAccessAssignmentResponseBody(name='body'),
}

/**
 * @summary Assigns access permissions on an account in your resource directory to a user or a group by using an access configuration.
 *
 * @description When you call this operation, an asynchronous task is created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * For more information about how to assign permissions on an account in your resource directory, see [Overview of multi-account authorization](https://help.aliyun.com/document_detail/266726.html).
 * This topic provides an example on how to assign access permissions on the account `114240524784****` in your resource directory to the CloudSSO user `u-00q8wbq42wiltcrk****` by using the access configuration `ac-00jhtfl8thteu6uj****`. After the call is successful, the CloudSSO user can access resources within the account in the resource directory.
 *
 * @param request CreateAccessAssignmentRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateAccessAssignmentResponse
 */
async function createAccessAssignmentWithOptions(request: CreateAccessAssignmentRequest, runtime: Util.RuntimeOptions): CreateAccessAssignmentResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.principalId)) {
    query['PrincipalId'] = request.principalId;
  }
  if (!Util.isUnset(request.principalType)) {
    query['PrincipalType'] = request.principalType;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateAccessAssignment',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Assigns access permissions on an account in your resource directory to a user or a group by using an access configuration.
 *
 * @description When you call this operation, an asynchronous task is created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * For more information about how to assign permissions on an account in your resource directory, see [Overview of multi-account authorization](https://help.aliyun.com/document_detail/266726.html).
 * This topic provides an example on how to assign access permissions on the account `114240524784****` in your resource directory to the CloudSSO user `u-00q8wbq42wiltcrk****` by using the access configuration `ac-00jhtfl8thteu6uj****`. After the call is successful, the CloudSSO user can access resources within the account in the resource directory.
 *
 * @param request CreateAccessAssignmentRequest
 * @return CreateAccessAssignmentResponse
 */
async function createAccessAssignment(request: CreateAccessAssignmentRequest): CreateAccessAssignmentResponse {
  var runtime = new Util.RuntimeOptions{};
  return createAccessAssignmentWithOptions(request, runtime);
}

model CreateAccessConfigurationRequest {
  accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.

The name can contain letters, digits, and hyphens (-).

The name can be up to 32 characters in length.', example='ECS-Admin'),
  description?: string(name='Description', description='The description of the access configuration.

The description can be up to 1,024 characters in length.', example='This is an access configuration.'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  relayState?: string(name='RelayState', description='The initial web page that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.

The web page must be a page of the Alibaba Cloud Management Console. By default, this parameter is empty, which indicates that the initial web page is the homepage of the Alibaba Cloud Management Console.', example='https://cloudsso.console.aliyun.com'),
  sessionDuration?: int32(name='SessionDuration', description='The duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration.

Unit: seconds.

Valid values: 900 to 43200. The value 900 indicates 15 minutes. The value 43200 indicates 12 hours.

Default value: 3600. The value indicates 1 hour.', example='3600'),
}

model CreateAccessConfigurationResponseBody = {
  accessConfiguration?: {
    accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
    accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
    createTime?: string(name='CreateTime', description='The time when the access configuration was created.', example='2021-11-02T08:44:23Z'),
    description?: string(name='Description', description='The description of the access configuration.', example='This is an access configuration.'),
    relayState?: string(name='RelayState', description='The initial web page that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.', example='https://cloudsso.console.aliyun.com'),
    sessionDuration?: int32(name='SessionDuration', description='The duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration.

Unit: seconds.', example='3600'),
    statusNotifications?: [ string ](name='StatusNotifications', description='The status notification.'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the access configuration was modified.', example='2021-11-02T08:44:23Z'),
  }(name='AccessConfiguration', description='The information about the access configuration.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='A3A41736-A050-50B6-ABC5-590F376A0044'),
}

model CreateAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Creates an access configuration.
 *
 * @description For more information about access configurations, see [Overview of access configurations](https://help.aliyun.com/document_detail/266737.html).
 * This topic provides an example on how to create an access configuration named `ECS-Admin`.
 *
 * @param request CreateAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateAccessConfigurationResponse
 */
async function createAccessConfigurationWithOptions(request: CreateAccessConfigurationRequest, runtime: Util.RuntimeOptions): CreateAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationName)) {
    query['AccessConfigurationName'] = request.accessConfigurationName;
  }
  if (!Util.isUnset(request.description)) {
    query['Description'] = request.description;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.relayState)) {
    query['RelayState'] = request.relayState;
  }
  if (!Util.isUnset(request.sessionDuration)) {
    query['SessionDuration'] = request.sessionDuration;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates an access configuration.
 *
 * @description For more information about access configurations, see [Overview of access configurations](https://help.aliyun.com/document_detail/266737.html).
 * This topic provides an example on how to create an access configuration named `ECS-Admin`.
 *
 * @param request CreateAccessConfigurationRequest
 * @return CreateAccessConfigurationResponse
 */
async function createAccessConfiguration(request: CreateAccessConfigurationRequest): CreateAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return createAccessConfigurationWithOptions(request, runtime);
}

model CreateDirectoryRequest {
  directoryName?: string(name='DirectoryName', description='The name of the directory. The name must be globally unique.

The name can contain lowercase letters, digits, or hyphens (-). The name cannot start or end with a hyphen (-) and cannot contain two consecutive hyphens (-). The name cannot start with d-.

The name must be 2 to 64 characters in length.

>  If you do not specify this parameter, the value of this parameter is automatically generated by the system.', example='example'),
}

model CreateDirectoryResponseBody = {
  directory?: {
    createTime?: string(name='CreateTime', description='The time when the directory was created. The time is displayed in UTC.', example='2021-10-10T04:04:04Z'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    directoryName?: string(name='DirectoryName', description='The name of the directory.', example='example'),
    region?: string(name='Region', description='The region ID of the directory.', example='cn-shanghai'),
    updateTime?: string(name='UpdateTime', description='The time when the directory was modified. The time is displayed in UTC.', example='2021-10-10T04:04:04Z'),
  }(name='Directory', description='The information about the directory.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='ADADC31D-90EE-5459-99B0-D83DF07769A3'),
}

model CreateDirectoryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateDirectoryResponseBody(name='body'),
}

/**
 * @summary Creates a directory.
 *
 * @description A directory is a CloudSSO instance. Before you can use CloudSSO, you must create a directory. The directory is used to manage all CloudSSO resources.
 * To create a directory, you must select a region. Alibaba Cloud stores data in the directory only in the region that you select. However, you can deploy Alibaba Cloud resources including Elastic Compute Service (ECS) instances and ApsaraDB RDS instances in other regions. You can also use your cloud account for logons and access the Alibaba Cloud resources in other regions. You can select a region to create a directory based on your security compliance requirements and the geographic location of specific users. If you do not have strict security compliance requirements, we recommend that you select a region that is the closest to the geographical location of the specific users. This way, access to cloud resources is accelerated. You can create the CloudSSO directory in the China (Shanghai), China (Hong Kong), US (Silicon Valley), or Germany (Frankfurt) region.
 * This topic provides an example on how to create a directory named `example` in the China (Shanghai) region.
 * ## Limits
 * - You can create only one directory for a management account.
 * - If you want to change the region of a directory, you must delete the directory and then create a directory in a different region.
 *
 * @param request CreateDirectoryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateDirectoryResponse
 */
async function createDirectoryWithOptions(request: CreateDirectoryRequest, runtime: Util.RuntimeOptions): CreateDirectoryResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryName)) {
    query['DirectoryName'] = request.directoryName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateDirectory',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates a directory.
 *
 * @description A directory is a CloudSSO instance. Before you can use CloudSSO, you must create a directory. The directory is used to manage all CloudSSO resources.
 * To create a directory, you must select a region. Alibaba Cloud stores data in the directory only in the region that you select. However, you can deploy Alibaba Cloud resources including Elastic Compute Service (ECS) instances and ApsaraDB RDS instances in other regions. You can also use your cloud account for logons and access the Alibaba Cloud resources in other regions. You can select a region to create a directory based on your security compliance requirements and the geographic location of specific users. If you do not have strict security compliance requirements, we recommend that you select a region that is the closest to the geographical location of the specific users. This way, access to cloud resources is accelerated. You can create the CloudSSO directory in the China (Shanghai), China (Hong Kong), US (Silicon Valley), or Germany (Frankfurt) region.
 * This topic provides an example on how to create a directory named `example` in the China (Shanghai) region.
 * ## Limits
 * - You can create only one directory for a management account.
 * - If you want to change the region of a directory, you must delete the directory and then create a directory in a different region.
 *
 * @param request CreateDirectoryRequest
 * @return CreateDirectoryResponse
 */
async function createDirectory(request: CreateDirectoryRequest): CreateDirectoryResponse {
  var runtime = new Util.RuntimeOptions{};
  return createDirectoryWithOptions(request, runtime);
}

model CreateGroupRequest {
  description?: string(name='Description', description='The description of the group.

The description can be up to 1,024 characters in length.', example='This is a group.'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  groupName?: string(name='GroupName', description='The name of the group.

The name can contain letters, digits, underscores (_), hyphens (-), and periods (.).

The name can be up to 128 characters in length.', example='TestGroup'),
}

model CreateGroupResponseBody = {
  group?: {
    createTime?: string(name='CreateTime', description='The time when the group was created.', example='2021-11-01T02:38:27Z'),
    description?: string(name='Description', description='The description of the group.', example='This is a group.'),
    groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
    groupName?: string(name='GroupName', description='The name of the group.', example='TestGroup'),
    provisionType?: string(name='ProvisionType', description='The type of the group. The value is fixed as Manual, which indicates that the group is manually created.', example='Manual'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the group was modified.', example='2021-11-01T02:38:27Z'),
  }(name='Group', description='The information about the group.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='20E9650E-EC23-593E-933F-EA0D280D040C'),
}

model CreateGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateGroupResponseBody(name='body'),
}

/**
 * @summary Creates a group.
 *
 * @description This topic provides an example on how to create a group named `TestGroup`.
 *
 * @param request CreateGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateGroupResponse
 */
async function createGroupWithOptions(request: CreateGroupRequest, runtime: Util.RuntimeOptions): CreateGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.description)) {
    query['Description'] = request.description;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.groupName)) {
    query['GroupName'] = request.groupName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateGroup',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates a group.
 *
 * @description This topic provides an example on how to create a group named `TestGroup`.
 *
 * @param request CreateGroupRequest
 * @return CreateGroupResponse
 */
async function createGroup(request: CreateGroupRequest): CreateGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return createGroupWithOptions(request, runtime);
}

model CreateSCIMServerCredentialRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model CreateSCIMServerCredentialResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='2D2E5180-7ACF-57FF-A56C-26A49ABEBFF7'),
  SCIMServerCredential?: {
    createTime?: string(name='CreateTime', description='The time when the SCIM credential was created.', example='2021-11-09T08:12:52Z'),
    credentialId?: string(name='CredentialId', description='The ID of the SCIM credential.', example='scimcred-004whl0kvfwcypbi****'),
    credentialSecret?: string(name='CredentialSecret', description='The SCIM credential.

>  The SCIM credential is returned only when it is created. After the SCIM credential is created, you cannot query it. Keep the SCIM credential confidential.', example='8aAJCtpbyPJ8saXeYDgyw****'),
    credentialType?: string(name='CredentialType', description='The type of the SCIM credential.', example='BearerToken'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    expireTime?: string(name='ExpireTime', description='The time when the SCIM credential expires.', example='2022-11-09T08:12:52Z'),
    status?: string(name='Status', description='The status of the SCIM credential. The value is fixed as Enabled, which indicates that the SCIM credential is enabled.', example='Enabled'),
  }(name='SCIMServerCredential', description='The information about the SCIM credential.'),
}

model CreateSCIMServerCredentialResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateSCIMServerCredentialResponseBody(name='body'),
}

/**
 * @summary Creates a Cross-domain Identity Management (SCIM) credential.
 *
 * @description SCIM credentials are required for SCIM synchronization. You can create up to two SCIM credentials.
 * This topic provides an example on how to create a SCIM credential within the directory `d-00fc2p61****`.
 *
 * @param request CreateSCIMServerCredentialRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateSCIMServerCredentialResponse
 */
async function createSCIMServerCredentialWithOptions(request: CreateSCIMServerCredentialRequest, runtime: Util.RuntimeOptions): CreateSCIMServerCredentialResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateSCIMServerCredential',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates a Cross-domain Identity Management (SCIM) credential.
 *
 * @description SCIM credentials are required for SCIM synchronization. You can create up to two SCIM credentials.
 * This topic provides an example on how to create a SCIM credential within the directory `d-00fc2p61****`.
 *
 * @param request CreateSCIMServerCredentialRequest
 * @return CreateSCIMServerCredentialResponse
 */
async function createSCIMServerCredential(request: CreateSCIMServerCredentialRequest): CreateSCIMServerCredentialResponse {
  var runtime = new Util.RuntimeOptions{};
  return createSCIMServerCredentialWithOptions(request, runtime);
}

model CreateUserRequest {
  description?: string(name='Description', description='The description of the user.

The description can be up to 1,024 characters in length.', example='This is a user.'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  displayName?: string(name='DisplayName', description='The display name of the user.

The name can be up to 256 characters in length.', example='Alice'),
  email?: string(name='Email', description='The email address of the user. The email address must be unique within the directory.

The email address can be up to 128 characters in length.', example='Alice@example.com'),
  firstName?: string(name='FirstName', description='The first name of the user.

The name can be up to 64 characters in length.', example='Alice'),
  lastName?: string(name='LastName', description='The last name of the user.

The name can be up to 64 characters in length.', example='Lee'),
  status?: string(name='Status', description='The status of the user. Valid values:

*   Enabled: The logon of the user is enabled. This is the default value.
*   Disabled: The logon of the user is disabled.', example='Enabled'),
  userName?: string(name='UserName', description='The name of the user. The name must be unique within the directory. The name cannot be changed.

The name can contain numbers, letters, and the following special characters: `@_-.`

The name can be up to 64 characters in length.', example='Alice'),
}

model CreateUserResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
  user?: {
    createTime?: string(name='CreateTime', description='The time when the user was created.', example='2021-10-26T03:03:42Z'),
    description?: string(name='Description', description='The description of the user.', example='This is a user.'),
    displayName?: string(name='DisplayName', description='The display name of the user.', example='Alice'),
    email?: string(name='Email', description='The email address of the user.', example='Alice@example.com'),
    firstName?: string(name='FirstName', description='The first name of the user.', example='Alice'),
    lastName?: string(name='LastName', description='The last name of the user.', example='Lee'),
    provisionType?: string(name='ProvisionType', description='The type of the user. Valid values:

*   Manual: The user is manually created.
*   Synchronized: The user is synchronized from an external identity provider (IdP).', example='Manual'),
    status?: string(name='Status', description='The status of the user. Valid values:

*   Enabled: The logon of the user is enabled.
*   Disabled: The logon of the user is disabled.', example='Enabled'),
    updateTime?: string(name='UpdateTime', description='The time when the user was modified.', example='2021-10-26T03:03:42Z'),
    userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
    userName?: string(name='UserName', description='The name of the user.', example='Alice'),
  }(name='User', description='The information about the user.'),
}

model CreateUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateUserResponseBody(name='body'),
}

/**
 * @summary Creates a user.
 *
 * @description This topic provides an example on how to create a user named `Alice`.
 *
 * @param request CreateUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateUserResponse
 */
async function createUserWithOptions(request: CreateUserRequest, runtime: Util.RuntimeOptions): CreateUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.description)) {
    query['Description'] = request.description;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.displayName)) {
    query['DisplayName'] = request.displayName;
  }
  if (!Util.isUnset(request.email)) {
    query['Email'] = request.email;
  }
  if (!Util.isUnset(request.firstName)) {
    query['FirstName'] = request.firstName;
  }
  if (!Util.isUnset(request.lastName)) {
    query['LastName'] = request.lastName;
  }
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  if (!Util.isUnset(request.userName)) {
    query['UserName'] = request.userName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateUser',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates a user.
 *
 * @description This topic provides an example on how to create a user named `Alice`.
 *
 * @param request CreateUserRequest
 * @return CreateUserResponse
 */
async function createUser(request: CreateUserRequest): CreateUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return createUserWithOptions(request, runtime);
}

model CreateUserProvisioningRequest {
  deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Delete'),
  description?: string(name='Description', description='The description.', example='This is a user provisioning.'),
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
  principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If you set the `PrincipalType` parameter to `Group`, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If you set the `PrincipalType` parameter to `User`, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='g-02ha881d*****'),
  principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: The identity of the RAM user provisioning is a CloudSSO user.
*   Group: The identity of the RAM user provisioning is a CloudSSO user group.', example='Group'),
  targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', example='1743382******'),
  targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='RD-Account'),
}

model CreateUserProvisioningResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
  userProvisioning?: {
    createTime?: string(name='CreateTime', description='The creation time. The time is displayed in UTC.', example='2022-11-28T03:55:42Z'),
    deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Delete'),
    description?: string(name='Description', description='The description.', example='this is a user provisioning.'),
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
    duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
    ownerPk?: string(name='OwnerPk', description='The ID of the Alibaba Cloud account to which the resource directory belongs.', example='1639738******'),
    principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='g-02ha881d*****'),
    principalName?: string(name='PrincipalName', description='The identity name of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', example='testGroupName'),
    principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: The identity of the RAM user provisioning is a CloudSSO user.
*   Group: The identity of the RAM user provisioning is a CloudSSO user group.', example='Group'),
    status?: string(name='Status', description='The status of the RAM user provisioning. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
    targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', example='1743382******'),
    targetName?: string(name='TargetName', description='The name of the object for which you create the RAM user provisioning. The value is fixed as the name of the member in the resource directory.', example='testTargetName'),
    targetPath?: string(name='TargetPath', description='The path of the resource directory in which you create the RAM user provisioning for the member.'),
    targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='RD-Account'),
    updateTime?: string(name='UpdateTime', description='The modification time. The time is displayed in UTC.', example='2022-11-28T03:55:42Z'),
    userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
  }(name='UserProvisioning', description='The information about the RAM user provisioning.'),
}

model CreateUserProvisioningResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateUserProvisioningResponseBody(name='body'),
}

/**
 * @summary Creates a Resource Access Management (RAM) user provisioning.
 *
 * @description You can create a RAM user provisioning for a member in your resource directory to create a RAM user that has the same username as a CloudSSO user. This way, the CloudSSO user can access the resources of the member as the RAM user.
 *
 * @param request CreateUserProvisioningRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateUserProvisioningResponse
 */
async function createUserProvisioningWithOptions(request: CreateUserProvisioningRequest, runtime: Util.RuntimeOptions): CreateUserProvisioningResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.deletionStrategy)) {
    query['DeletionStrategy'] = request.deletionStrategy;
  }
  if (!Util.isUnset(request.description)) {
    query['Description'] = request.description;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.duplicationStrategy)) {
    query['DuplicationStrategy'] = request.duplicationStrategy;
  }
  if (!Util.isUnset(request.principalId)) {
    query['PrincipalId'] = request.principalId;
  }
  if (!Util.isUnset(request.principalType)) {
    query['PrincipalType'] = request.principalType;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'CreateUserProvisioning',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Creates a Resource Access Management (RAM) user provisioning.
 *
 * @description You can create a RAM user provisioning for a member in your resource directory to create a RAM user that has the same username as a CloudSSO user. This way, the CloudSSO user can access the resources of the member as the RAM user.
 *
 * @param request CreateUserProvisioningRequest
 * @return CreateUserProvisioningResponse
 */
async function createUserProvisioning(request: CreateUserProvisioningRequest): CreateUserProvisioningResponse {
  var runtime = new Util.RuntimeOptions{};
  return createUserProvisioningWithOptions(request, runtime);
}

model DeleteAccessAssignmentRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  deprovisionStrategy?: string(name='DeprovisionStrategy', description='Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. The access configuration is used to assign the access permissions, and the identity is the only one that uses the access configuration and is associated with the account. Valid values:

*   DeprovisionForLastAccessAssignmentOnAccount: de-provisions the access configuration.
*   None: does not de-provision the access configuration. This is the default value.', example='None'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity.

*   If you set `PrincipalType` to `User`, set `PrincipalId` to the ID of the CloudSSO user.
*   If you set `PrincipalType` to `Group`, set `PrincipalId` to the ID of the CloudSSO group.', example='u-00q8wbq42wiltcrk****'),
  principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. Valid values:

*   User
*   Group', example='User'),
  targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
  targetType?: string(name='TargetType', description='The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', example='RD-Account'),
}

model DeleteAccessAssignmentResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007'),
  task?: {
    accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
    accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
    principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity.', example='u-00q8wbq42wiltcrk****'),
    principalName?: string(name='PrincipalName', description='The name of the CloudSSO identity.', example='Alice'),
    principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. Valid values:

*   User
*   Group', example='User'),
    status?: string(name='Status', description='The task status. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='InProgress'),
    targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
    targetName?: string(name='TargetName', description='The name of the task object.', example='dev-test'),
    targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
    targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
    targetType?: string(name='TargetType', description='The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', example='RD-Account'),
    taskId?: string(name='TaskId', description='The task ID.', example='t-shfqw1u1edszvxw5****'),
    taskType?: string(name='TaskType', description='The task type. The value is fixed as DeleteAccessAssignment, which indicates that access permissions on an account in your resource directory are removed.', example='DeleteAccessAssignment'),
  }(name='Task', description='The task information.'),
}

model DeleteAccessAssignmentResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteAccessAssignmentResponseBody(name='body'),
}

/**
 * @summary Removes the access permissions on an account in a resource directory.
 *
 * @description When you call this operation, an asynchronous task is created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * This topic provides an example on how to remove the access permissions on the account `114240524784****` in the resource directory from the CloudSSO user `u-00q8wbq42wiltcrk****`. The access permissions are assigned by using the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request DeleteAccessAssignmentRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteAccessAssignmentResponse
 */
async function deleteAccessAssignmentWithOptions(request: DeleteAccessAssignmentRequest, runtime: Util.RuntimeOptions): DeleteAccessAssignmentResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.deprovisionStrategy)) {
    query['DeprovisionStrategy'] = request.deprovisionStrategy;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.principalId)) {
    query['PrincipalId'] = request.principalId;
  }
  if (!Util.isUnset(request.principalType)) {
    query['PrincipalType'] = request.principalType;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteAccessAssignment',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes the access permissions on an account in a resource directory.
 *
 * @description When you call this operation, an asynchronous task is created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * This topic provides an example on how to remove the access permissions on the account `114240524784****` in the resource directory from the CloudSSO user `u-00q8wbq42wiltcrk****`. The access permissions are assigned by using the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request DeleteAccessAssignmentRequest
 * @return DeleteAccessAssignmentResponse
 */
async function deleteAccessAssignment(request: DeleteAccessAssignmentRequest): DeleteAccessAssignmentResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteAccessAssignmentWithOptions(request, runtime);
}

model DeleteAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-001j9mcm3k7335bc****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  forceRemovePermissionPolicies?: boolean(name='ForceRemovePermissionPolicies', description='Specifies whether to forcibly remove system policies and inline policies. Valid values:

*   true: When you delete the access configuration, the associated system policies and inline policies are forcibly removed.
*   false: When you delete the access configuration, the associated system policies and inline policies are not forcibly removed. This is the default value. If these policies exist in the access configuration, the deletion fails. Before you delete the access configuration, you must remove the system policies and inline policies. For more information, see [RemovePermissionPolicyFromAccessConfiguration](https://help.aliyun.com/document_detail/336904.html).', example='false'),
}

model DeleteAccessConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='9B13E4EE-3853-5852-9165-597C32AD8FB7'),
}

model DeleteAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Deletes an access configuration.
 *
 * @description This topic provides an example on how to delete the access configuration whose ID is `ac-001j9mcm3k7335bc****`.
 * ## Prerequisites
 * The access configuration that you want to delete is de-provisioned from the accounts in your resource directory. For more information, see [DeprovisionAccessConfiguration](https://help.aliyun.com/document_detail/338352.html).
 *
 * @param request DeleteAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteAccessConfigurationResponse
 */
async function deleteAccessConfigurationWithOptions(request: DeleteAccessConfigurationRequest, runtime: Util.RuntimeOptions): DeleteAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.forceRemovePermissionPolicies)) {
    query['ForceRemovePermissionPolicies'] = request.forceRemovePermissionPolicies;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes an access configuration.
 *
 * @description This topic provides an example on how to delete the access configuration whose ID is `ac-001j9mcm3k7335bc****`.
 * ## Prerequisites
 * The access configuration that you want to delete is de-provisioned from the accounts in your resource directory. For more information, see [DeprovisionAccessConfiguration](https://help.aliyun.com/document_detail/338352.html).
 *
 * @param request DeleteAccessConfigurationRequest
 * @return DeleteAccessConfigurationResponse
 */
async function deleteAccessConfiguration(request: DeleteAccessConfigurationRequest): DeleteAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteAccessConfigurationWithOptions(request, runtime);
}

model DeleteDirectoryRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model DeleteDirectoryResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='B182C041-8C64-5F2F-A07B-FC67FAF89CF9'),
}

model DeleteDirectoryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteDirectoryResponseBody(name='body'),
}

/**
 * @summary Deletes a directory.
 *
 * @description This topic provides an example on how to delete a directory whose ID is `d-00fc2p61****`.
 * ## Prerequisites
 * No resources are contained in the directory that you want to delete.
 * *   Access permissions on the accounts in your resource directory are removed from all users and groups. For more information, see [DeleteAccessAssignment](https://help.aliyun.com/document_detail/338350.html).
 * *   Users are deleted. For more information, see [DeleteUser](https://help.aliyun.com/document_detail/341671.html).
 * *   Groups are deleted. For more information, see [DeleteGroup](https://help.aliyun.com/document_detail/341821.html).
 * *   Access configurations are deleted. For more information, see [DeleteAccessConfiguration](https://help.aliyun.com/document_detail/336907.html).
 * *   System for Cross-domain Identity Management (SCIM) credentials are deleted. For more information, see [DeleteSCIMServerCredential](https://help.aliyun.com/document_detail/341842.html).
 * *   SSO logon configurations are deleted. For more information, see [ClearExternalSAMLIdentityProvider](https://help.aliyun.com/document_detail/341573.html).
 *
 * @param request DeleteDirectoryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteDirectoryResponse
 */
async function deleteDirectoryWithOptions(request: DeleteDirectoryRequest, runtime: Util.RuntimeOptions): DeleteDirectoryResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteDirectory',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes a directory.
 *
 * @description This topic provides an example on how to delete a directory whose ID is `d-00fc2p61****`.
 * ## Prerequisites
 * No resources are contained in the directory that you want to delete.
 * *   Access permissions on the accounts in your resource directory are removed from all users and groups. For more information, see [DeleteAccessAssignment](https://help.aliyun.com/document_detail/338350.html).
 * *   Users are deleted. For more information, see [DeleteUser](https://help.aliyun.com/document_detail/341671.html).
 * *   Groups are deleted. For more information, see [DeleteGroup](https://help.aliyun.com/document_detail/341821.html).
 * *   Access configurations are deleted. For more information, see [DeleteAccessConfiguration](https://help.aliyun.com/document_detail/336907.html).
 * *   System for Cross-domain Identity Management (SCIM) credentials are deleted. For more information, see [DeleteSCIMServerCredential](https://help.aliyun.com/document_detail/341842.html).
 * *   SSO logon configurations are deleted. For more information, see [ClearExternalSAMLIdentityProvider](https://help.aliyun.com/document_detail/341573.html).
 *
 * @param request DeleteDirectoryRequest
 * @return DeleteDirectoryResponse
 */
async function deleteDirectory(request: DeleteDirectoryRequest): DeleteDirectoryResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteDirectoryWithOptions(request, runtime);
}

model DeleteGroupRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
}

model DeleteGroupResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='F723DE01-6276-5DC4-9B1F-9CBE3E1748B2'),
}

model DeleteGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteGroupResponseBody(name='body'),
}

/**
 * @summary Deletes a group.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot delete a group that is synchronized by using SCIM.
 * ## Prerequisites
 * The group that you want to delete is not associated with the following resources. If the group is associated with the resources, the deletion fails.
 * *   Users: You must remove users from the group. For more information, see [RemoveUserFromGroup](https://help.aliyun.com/document_detail/335116.html).
 * *   Access permissions: You must remove the access permissions on the accounts in your resource directory from the group. For more information, see [DeleteAccessAssignment](https://help.aliyun.com/document_detail/338350.html).
 *
 * @param request DeleteGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteGroupResponse
 */
async function deleteGroupWithOptions(request: DeleteGroupRequest, runtime: Util.RuntimeOptions): DeleteGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteGroup',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes a group.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot delete a group that is synchronized by using SCIM.
 * ## Prerequisites
 * The group that you want to delete is not associated with the following resources. If the group is associated with the resources, the deletion fails.
 * *   Users: You must remove users from the group. For more information, see [RemoveUserFromGroup](https://help.aliyun.com/document_detail/335116.html).
 * *   Access permissions: You must remove the access permissions on the accounts in your resource directory from the group. For more information, see [DeleteAccessAssignment](https://help.aliyun.com/document_detail/338350.html).
 *
 * @param request DeleteGroupRequest
 * @return DeleteGroupResponse
 */
async function deleteGroup(request: DeleteGroupRequest): DeleteGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteGroupWithOptions(request, runtime);
}

model DeleteMFADeviceForUserRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  MFADeviceId?: string(name='MFADeviceId', description='The ID of the MFA device.

You can call the [ListMFADevicesForUser](https://help.aliyun.com/document_detail/333531.html) operation to query the IDs of MFA devices.', example='mfa-00ujhet8pycljj7j****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model DeleteMFADeviceForUserResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='8B9982ED-FD0D-5622-8EA0-7B768685DCE7'),
}

model DeleteMFADeviceForUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteMFADeviceForUserResponseBody(name='body'),
}

/**
 * @summary Unbinds a multi-factor authentication (MFA) device from a user.
 *
 * @description This topic provides an example on how to unbind the MFA device `mfa-00ujhet8pycljj7j****` from the user `u-00q8wbq42wiltcrk****`.
 *
 * @param request DeleteMFADeviceForUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteMFADeviceForUserResponse
 */
async function deleteMFADeviceForUserWithOptions(request: DeleteMFADeviceForUserRequest, runtime: Util.RuntimeOptions): DeleteMFADeviceForUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.MFADeviceId)) {
    query['MFADeviceId'] = request.MFADeviceId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteMFADeviceForUser',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Unbinds a multi-factor authentication (MFA) device from a user.
 *
 * @description This topic provides an example on how to unbind the MFA device `mfa-00ujhet8pycljj7j****` from the user `u-00q8wbq42wiltcrk****`.
 *
 * @param request DeleteMFADeviceForUserRequest
 * @return DeleteMFADeviceForUserResponse
 */
async function deleteMFADeviceForUser(request: DeleteMFADeviceForUserRequest): DeleteMFADeviceForUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteMFADeviceForUserWithOptions(request, runtime);
}

model DeleteSCIMServerCredentialRequest {
  credentialId?: string(name='CredentialId', description='The ID of the SCIM credential.', example='scimcred-004whl0kvfwcypbi****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model DeleteSCIMServerCredentialResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='8CE8B990-193D-50CE-A604-69F3E7DCE740'),
}

model DeleteSCIMServerCredentialResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteSCIMServerCredentialResponseBody(name='body'),
}

/**
 * @summary Deletes a Cross-domain Identity Management (SCIM) credential.
 *
 * @description After a SCIM credential is deleted, the synchronization task that uses the SCIM credential fails.
 * This topic provides an example on how to delete the SCIM credential whose ID is `scimcred-004whl0kvfwcypbi****`.
 *
 * @param request DeleteSCIMServerCredentialRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteSCIMServerCredentialResponse
 */
async function deleteSCIMServerCredentialWithOptions(request: DeleteSCIMServerCredentialRequest, runtime: Util.RuntimeOptions): DeleteSCIMServerCredentialResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.credentialId)) {
    query['CredentialId'] = request.credentialId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteSCIMServerCredential',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes a Cross-domain Identity Management (SCIM) credential.
 *
 * @description After a SCIM credential is deleted, the synchronization task that uses the SCIM credential fails.
 * This topic provides an example on how to delete the SCIM credential whose ID is `scimcred-004whl0kvfwcypbi****`.
 *
 * @param request DeleteSCIMServerCredentialRequest
 * @return DeleteSCIMServerCredentialResponse
 */
async function deleteSCIMServerCredential(request: DeleteSCIMServerCredentialRequest): DeleteSCIMServerCredentialResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteSCIMServerCredentialWithOptions(request, runtime);
}

model DeleteUserRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model DeleteUserResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='E598602-AC67-56EF-B7CC-2927C30AA0A8'),
}

model DeleteUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteUserResponseBody(name='body'),
}

/**
 * @summary Deletes a user.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot delete a user that is synchronized by using SCIM.
 * ## Prerequisites
 * The user that you want to delete is not associated with the following resources. If the user is associated with the resources, the deletion fails.
 * *   Multi-factor authentication (MFA) devices: You must unbind the MFA devices from the user. For more information, see [DeleteMFADeviceForUser](https://help.aliyun.com/document_detail/341675.html).
 * *   Access permissions: You must remove the access permissions on the accounts in your resource directory from the user. For more information, see [DeleteAccessAssignment](https://help.aliyun.com/document_detail/338350.html).
 * *   Groups: You must remove the user from groups. For more information, see [RemoveUserFromGroup](https://help.aliyun.com/document_detail/335116.html).
 *
 * @param request DeleteUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserResponse
 */
async function deleteUserWithOptions(request: DeleteUserRequest, runtime: Util.RuntimeOptions): DeleteUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteUser',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes a user.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot delete a user that is synchronized by using SCIM.
 * ## Prerequisites
 * The user that you want to delete is not associated with the following resources. If the user is associated with the resources, the deletion fails.
 * *   Multi-factor authentication (MFA) devices: You must unbind the MFA devices from the user. For more information, see [DeleteMFADeviceForUser](https://help.aliyun.com/document_detail/341675.html).
 * *   Access permissions: You must remove the access permissions on the accounts in your resource directory from the user. For more information, see [DeleteAccessAssignment](https://help.aliyun.com/document_detail/338350.html).
 * *   Groups: You must remove the user from groups. For more information, see [RemoveUserFromGroup](https://help.aliyun.com/document_detail/335116.html).
 *
 * @param request DeleteUserRequest
 * @return DeleteUserResponse
 */
async function deleteUser(request: DeleteUserRequest): DeleteUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteUserWithOptions(request, runtime);
}

model DeleteUserProvisioningRequest {
  deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.

>  If you do not specify this parameter, the deletion policy that is configured when you create the RAM user provisioning is used.', example='Delete'),
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
}

model DeleteUserProvisioningResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
}

model DeleteUserProvisioningResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteUserProvisioningResponseBody(name='body'),
}

/**
 * @summary Deletes a Resource Access Management (RAM) user provisioning.
 *
 * @param request DeleteUserProvisioningRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserProvisioningResponse
 */
async function deleteUserProvisioningWithOptions(request: DeleteUserProvisioningRequest, runtime: Util.RuntimeOptions): DeleteUserProvisioningResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.deletionStrategy)) {
    query['DeletionStrategy'] = request.deletionStrategy;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userProvisioningId)) {
    query['UserProvisioningId'] = request.userProvisioningId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteUserProvisioning',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes a Resource Access Management (RAM) user provisioning.
 *
 * @param request DeleteUserProvisioningRequest
 * @return DeleteUserProvisioningResponse
 */
async function deleteUserProvisioning(request: DeleteUserProvisioningRequest): DeleteUserProvisioningResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteUserProvisioningWithOptions(request, runtime);
}

model DeleteUserProvisioningEventRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  eventId?: string(name='EventId', description='The ID of the RAM user provisioning event.

You can call the [ListUserProvisioningEvents](https://help.aliyun.com/document_detail/2636305.html) operation to query the value of `EventId`.', example='upe-wjKyNDmZvyZOiRcJ****'),
  userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
}

model DeleteUserProvisioningEventResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='A9287DA5-FD59-32A0-A810-1962E8B58ABB'),
}

model DeleteUserProvisioningEventResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeleteUserProvisioningEventResponseBody(name='body'),
}

/**
 * @summary Deletes a Resource Access Management (RAM) user provisioning event.
 *
 * @param request DeleteUserProvisioningEventRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserProvisioningEventResponse
 */
async function deleteUserProvisioningEventWithOptions(request: DeleteUserProvisioningEventRequest, runtime: Util.RuntimeOptions): DeleteUserProvisioningEventResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.eventId)) {
    query['EventId'] = request.eventId;
  }
  if (!Util.isUnset(request.userProvisioningId)) {
    query['UserProvisioningId'] = request.userProvisioningId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeleteUserProvisioningEvent',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Deletes a Resource Access Management (RAM) user provisioning event.
 *
 * @param request DeleteUserProvisioningEventRequest
 * @return DeleteUserProvisioningEventResponse
 */
async function deleteUserProvisioningEvent(request: DeleteUserProvisioningEventRequest): DeleteUserProvisioningEventResponse {
  var runtime = new Util.RuntimeOptions{};
  return deleteUserProvisioningEventWithOptions(request, runtime);
}

model DeprovisionAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The directory ID.', example='d-00fc2p61****'),
  targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
  targetType?: string(name='TargetType', description='The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', example='RD-Account'),
}

model DeprovisionAccessConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='584FE9D0-D1AC-5B19-A39C-8D244FC0538C'),
  tasks?: [ 
    {
      accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
      accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
      status?: string(name='Status', description='The task status. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='InProgress'),
      targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
      targetName?: string(name='TargetName', description='The name of the task object.', example='dev-test'),
      targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
      targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
      targetType?: string(name='TargetType', description='The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', example='RD-Account'),
      taskId?: string(name='TaskId', description='The task ID.', example='t-sh0655wnq8pdlrlc****'),
      taskType?: string(name='TaskType', description='The task type. The value is fixed as DeprovisionAccessConfiguration, which indicates that the access configuration is de-provisioned.', example='DeprovisionAccessConfiguration'),
    }
  ](name='Tasks', description='The task information.'),
}

model DeprovisionAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DeprovisionAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary De-provisions an access configuration from an account in your resource directory.
 *
 * @description When you call this operation, an asynchronous task is automatically created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * This topic provides an example on how to de-provision the access configuration `ac-00jhtfl8thteu6uj****` from the account `114240524784****` in your resource directory.
 *
 * @param request DeprovisionAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeprovisionAccessConfigurationResponse
 */
async function deprovisionAccessConfigurationWithOptions(request: DeprovisionAccessConfigurationRequest, runtime: Util.RuntimeOptions): DeprovisionAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DeprovisionAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary De-provisions an access configuration from an account in your resource directory.
 *
 * @description When you call this operation, an asynchronous task is automatically created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * This topic provides an example on how to de-provision the access configuration `ac-00jhtfl8thteu6uj****` from the account `114240524784****` in your resource directory.
 *
 * @param request DeprovisionAccessConfigurationRequest
 * @return DeprovisionAccessConfigurationResponse
 */
async function deprovisionAccessConfiguration(request: DeprovisionAccessConfigurationRequest): DeprovisionAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return deprovisionAccessConfigurationWithOptions(request, runtime);
}

model DisableDelegateAccountRequest {
  accountId?: string(name='AccountId', description='The ID of the delegated administrator account of CloudSSO.', example='1200971777065046'),
}

model DisableDelegateAccountResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='12B3E332-DD16-515B-B695-39BA233AA172'),
}

model DisableDelegateAccountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableDelegateAccountResponseBody(name='body'),
}

/**
 * @summary Disables the delegated administrator account of CloudSSO.
 *
 * @param request DisableDelegateAccountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableDelegateAccountResponse
 */
async function disableDelegateAccountWithOptions(request: DisableDelegateAccountRequest, runtime: Util.RuntimeOptions): DisableDelegateAccountResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accountId)) {
    query['AccountId'] = request.accountId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'DisableDelegateAccount',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Disables the delegated administrator account of CloudSSO.
 *
 * @param request DisableDelegateAccountRequest
 * @return DisableDelegateAccountResponse
 */
async function disableDelegateAccount(request: DisableDelegateAccountRequest): DisableDelegateAccountResponse {
  var runtime = new Util.RuntimeOptions{};
  return disableDelegateAccountWithOptions(request, runtime);
}

model DisableServiceResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='3257EAD2-8723-1F26-B69C-F8707D8B565D'),
}

model DisableServiceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: DisableServiceResponseBody(name='body'),
}

/**
 * @summary Disables CloudSSO.
 *
 * @description If your CloudSSO has no directory, you can disable CloudSSO based on your business requirements. After you disable CloudSSO, you can enable it at any time.
 *
 * @param request DisableServiceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableServiceResponse
 */
async function disableServiceWithOptions(runtime: Util.RuntimeOptions): DisableServiceResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'DisableService',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Disables CloudSSO.
 *
 * @description If your CloudSSO has no directory, you can disable CloudSSO based on your business requirements. After you disable CloudSSO, you can enable it at any time.
 *
 * @return DisableServiceResponse
 */
async function disableService(): DisableServiceResponse {
  var runtime = new Util.RuntimeOptions{};
  return disableServiceWithOptions(runtime);
}

model EnableDelegateAccountRequest {
  accountId?: string(name='AccountId', description='The ID of the delegated administrator account of CloudSSO.', example='180658567986****'),
}

model EnableDelegateAccountResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='768F908D-A66A-5A5D-816C-20C93CBBFEE3'),
}

model EnableDelegateAccountResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableDelegateAccountResponseBody(name='body'),
}

/**
 * @summary Enables the delegated administrator account of CloudSSO.
 *
 * @description You can use the management account of a resource directory to specify a member of the resource directory as the delegated administrator account of CloudSSO. For more information, see [Add a delegated administrator account](https://help.aliyun.com/document_detail/208117.html).
 * After the delegated administrator account of CloudSSO is specified, you can call this operation to enable the delegated administrator account of CloudSSO to manage CloudSSO resources.
 *
 * @param request EnableDelegateAccountRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableDelegateAccountResponse
 */
async function enableDelegateAccountWithOptions(request: EnableDelegateAccountRequest, runtime: Util.RuntimeOptions): EnableDelegateAccountResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accountId)) {
    query['AccountId'] = request.accountId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'EnableDelegateAccount',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Enables the delegated administrator account of CloudSSO.
 *
 * @description You can use the management account of a resource directory to specify a member of the resource directory as the delegated administrator account of CloudSSO. For more information, see [Add a delegated administrator account](https://help.aliyun.com/document_detail/208117.html).
 * After the delegated administrator account of CloudSSO is specified, you can call this operation to enable the delegated administrator account of CloudSSO to manage CloudSSO resources.
 *
 * @param request EnableDelegateAccountRequest
 * @return EnableDelegateAccountResponse
 */
async function enableDelegateAccount(request: EnableDelegateAccountRequest): EnableDelegateAccountResponse {
  var runtime = new Util.RuntimeOptions{};
  return enableDelegateAccountWithOptions(request, runtime);
}

model EnableServiceResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='3D57EAD2-8723-1F26-B69C-F8707D8B565D'),
}

model EnableServiceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: EnableServiceResponseBody(name='body'),
}

/**
 * @summary Enables CloudSSO.
 *
 * @description You can call this operation only if your account belongs to the management account that is used to enable a resource directory and has permissions to enable CloudSSO. For more information, see [Enable CloudSSO](https://help.aliyun.com/document_detail/262819.html).
 * If you call this operation, you agree to the [Alibaba Cloud International Website Product Terms of Service](https://www.alibabacloud.com/help/doc-detail/42416.htm).
 *
 * @param request EnableServiceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableServiceResponse
 */
async function enableServiceWithOptions(runtime: Util.RuntimeOptions): EnableServiceResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'EnableService',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Enables CloudSSO.
 *
 * @description You can call this operation only if your account belongs to the management account that is used to enable a resource directory and has permissions to enable CloudSSO. For more information, see [Enable CloudSSO](https://help.aliyun.com/document_detail/262819.html).
 * If you call this operation, you agree to the [Alibaba Cloud International Website Product Terms of Service](https://www.alibabacloud.com/help/doc-detail/42416.htm).
 *
 * @return EnableServiceResponse
 */
async function enableService(): EnableServiceResponse {
  var runtime = new Util.RuntimeOptions{};
  return enableServiceWithOptions(runtime);
}

model GetAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00ccule7tadaijxc****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetAccessConfigurationResponseBody = {
  accessConfiguration?: {
    accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00ccule7tadaijxc****'),
    accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='VPC-Admin'),
    createTime?: string(name='CreateTime', description='The time when the access configuration was created.', example='2021-06-30T09:39:44Z'),
    description?: string(name='Description', description='The description of the access configuration.', example='This is an access configuration.'),
    relayState?: string(name='RelayState', description='The initial web page that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.', example='https://cloudsso.console.aliyun.com'),
    sessionDuration?: int32(name='SessionDuration', description='The duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration.

Unit: seconds.', example='3600'),
    statusNotifications?: [ string ](name='StatusNotifications', description='The status notification.'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the access configuration was modified.', example='2021-07-26T03:02:11Z'),
  }(name='AccessConfiguration', description='The information about the access configuration.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='D5E40508-483B-52F6-993C-D880B0F87591'),
}

model GetAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries information about an access configuration.
 *
 * @description This topic provides an example on how to query the information about the access configuration whose ID is `ac-00ccule7tadaijxc****`.
 *
 * @param request GetAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetAccessConfigurationResponse
 */
async function getAccessConfigurationWithOptions(request: GetAccessConfigurationRequest, runtime: Util.RuntimeOptions): GetAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries information about an access configuration.
 *
 * @description This topic provides an example on how to query the information about the access configuration whose ID is `ac-00ccule7tadaijxc****`.
 *
 * @param request GetAccessConfigurationRequest
 * @return GetAccessConfigurationResponse
 */
async function getAccessConfiguration(request: GetAccessConfigurationRequest): GetAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return getAccessConfigurationWithOptions(request, runtime);
}

model GetDirectoryRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetDirectoryResponseBody = {
  directory?: {
    createTime?: string(name='CreateTime', description='The time when the directory was created.', example='2021-06-30T08:35:26Z'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    directoryName?: string(name='DirectoryName', description='The name of the directory.', example='example'),
    region?: string(name='Region', description='The region ID of the directory.', example='cn-shanghai'),
    updateTime?: string(name='UpdateTime', description='The time when the directory was modified.', example='2021-10-25T07:18:46Z'),
  }(name='Directory', description='The information about the directory.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='AA6A9E4B-8A61-59E1-AA87-F61CA18258A3'),
}

model GetDirectoryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetDirectoryResponseBody(name='body'),
}

/**
 * @summary Queries information about a directory.
 *
 * @description This topic provides an example on how to query information about the directory whose ID is `d-00fc2p61****`.
 *
 * @param request GetDirectoryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetDirectoryResponse
 */
async function getDirectoryWithOptions(request: GetDirectoryRequest, runtime: Util.RuntimeOptions): GetDirectoryResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetDirectory',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries information about a directory.
 *
 * @description This topic provides an example on how to query information about the directory whose ID is `d-00fc2p61****`.
 *
 * @param request GetDirectoryRequest
 * @return GetDirectoryResponse
 */
async function getDirectory(request: GetDirectoryRequest): GetDirectoryResponse {
  var runtime = new Util.RuntimeOptions{};
  return getDirectoryWithOptions(request, runtime);
}

model GetDirectorySAMLServiceProviderInfoRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetDirectorySAMLServiceProviderInfoResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='4632107D-BCE1-5A96-B30B-182EE0709625'),
  SAMLServiceProvider?: {
    acsUrl?: string(name='AcsUrl', description='The Assertion Consumer Service (ACS) URL of the SP.', example='https://signin-cn-shanghai.alibabacloudsso.com/saml/acs/51d298a9-2a3f-4e23-97c7-7ad1cfa9****'),
    authnSignAlgo?: string(name='AuthnSignAlgo'),
    certificateType?: string(name='CertificateType'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    encodedMetadataDocument?: string(name='EncodedMetadataDocument', description='The metadata file of the SP. The value of this parameter is Base64-encoded.', example='PD94bWwgdmVyc2lv****'),
    entityId?: string(name='EntityId', description='The entity ID of the SP.', example='https://signin-cn-shanghai.alibabacloudsso.com/saml/sp/d-00fc2p61****'),
    supportEncryptedAssertion?: boolean(name='SupportEncryptedAssertion'),
  }(name='SAMLServiceProvider', description='The information about the SP.'),
}

model GetDirectorySAMLServiceProviderInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetDirectorySAMLServiceProviderInfoResponseBody(name='body'),
}

/**
 * @summary Queries information about a Security Assertion Markup Language (SAML) service provider (SP).
 *
 * @description During SAML 2.0-based single sign-on (SSO) logon, CloudSSO is an SP, and the identity management system of an enterprise is an identity provider (IdP).
 * This topic provides an example on how to query the information about the SP within the directory `d-00fc2p61****`.
 *
 * @param request GetDirectorySAMLServiceProviderInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetDirectorySAMLServiceProviderInfoResponse
 */
async function getDirectorySAMLServiceProviderInfoWithOptions(request: GetDirectorySAMLServiceProviderInfoRequest, runtime: Util.RuntimeOptions): GetDirectorySAMLServiceProviderInfoResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetDirectorySAMLServiceProviderInfo',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries information about a Security Assertion Markup Language (SAML) service provider (SP).
 *
 * @description During SAML 2.0-based single sign-on (SSO) logon, CloudSSO is an SP, and the identity management system of an enterprise is an identity provider (IdP).
 * This topic provides an example on how to query the information about the SP within the directory `d-00fc2p61****`.
 *
 * @param request GetDirectorySAMLServiceProviderInfoRequest
 * @return GetDirectorySAMLServiceProviderInfoResponse
 */
async function getDirectorySAMLServiceProviderInfo(request: GetDirectorySAMLServiceProviderInfoRequest): GetDirectorySAMLServiceProviderInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return getDirectorySAMLServiceProviderInfoWithOptions(request, runtime);
}

model GetDirectoryStatisticsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetDirectoryStatisticsResponseBody = {
  directoryStatistics?: {
    accessAssignmentCount?: int32(name='AccessAssignmentCount', description='The number of access permissions that are assigned.', example='5'),
    accessConfigurationCount?: int32(name='AccessConfigurationCount', description='The number of access configurations.', example='6'),
    accessConfigurationQuota?: int32(name='AccessConfigurationQuota', description='The quota for access configurations.', example='1000'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    directoryName?: string(name='DirectoryName', description='The name of the directory.', example='new-example'),
    groupCount?: int32(name='GroupCount', description='The number of user groups.', example='4'),
    groupQuota?: int32(name='GroupQuota', description='The quota for user groups.', example='500'),
    inProgressTaskCount?: int32(name='InProgressTaskCount', description='The number of tasks that are being performed.', example='0'),
    inlinePolicyPerAccessConfigurationQuota?: int32(name='InlinePolicyPerAccessConfigurationQuota', description='The number of inline policies that can be configured for an access configuration.', example='1'),
    region?: string(name='Region', description='The region ID of the directory.', example='cn-shanghai'),
    SCIMServerCredentialCount?: int32(name='SCIMServerCredentialCount', description='The number of SCIM credentials.', example='2'),
    SCIMSyncEnabled?: boolean(name='SCIMSyncEnabled', description='Indicates whether SCIM synchronization is enabled. Valid values:

*   true
*   false', example='true'),
    SSOEnabled?: boolean(name='SSOEnabled', description='Indicates whether SSO is enabled. Valid values:

*   true
*   false', example='false'),
    systemPolicyPerAccessConfigurationQuota?: int32(name='SystemPolicyPerAccessConfigurationQuota', description='The quota for system policies that can be configured for an access configuration.', example='20'),
    userCount?: int32(name='UserCount', description='The number of users.', example='16'),
    userQuota?: int32(name='UserQuota', description='The quota for users.', example='1000'),
  }(name='DirectoryStatistics', description='The statistics of the directory.'),
  requestId?: string(name='RequestId', description='The request ID.', example='7B7228B0-A435-5D27-A6B2-ED3571F0654B'),
}

model GetDirectoryStatisticsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetDirectoryStatisticsResponseBody(name='body'),
}

/**
 * @summary Queries the statistics of a directory.
 *
 * @description This topic provides an example on how to query the statistics of a directory whose ID is `d-00fc2p61****`. The statistics include the number of users, quota for users, number of groups, quota for groups, number of access configurations, quota for access configurations, number of access permissions that are assigned, number of system policies that can be configured for an access configuration, number of System for Cross-domain Identity Management (SCIM) credentials, number of asynchronous tasks, status of single sign-on (SSO) logon, and status of SCIM synchronization.
 *
 * @param request GetDirectoryStatisticsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetDirectoryStatisticsResponse
 */
async function getDirectoryStatisticsWithOptions(request: GetDirectoryStatisticsRequest, runtime: Util.RuntimeOptions): GetDirectoryStatisticsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetDirectoryStatistics',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the statistics of a directory.
 *
 * @description This topic provides an example on how to query the statistics of a directory whose ID is `d-00fc2p61****`. The statistics include the number of users, quota for users, number of groups, quota for groups, number of access configurations, quota for access configurations, number of access permissions that are assigned, number of system policies that can be configured for an access configuration, number of System for Cross-domain Identity Management (SCIM) credentials, number of asynchronous tasks, status of single sign-on (SSO) logon, and status of SCIM synchronization.
 *
 * @param request GetDirectoryStatisticsRequest
 * @return GetDirectoryStatisticsResponse
 */
async function getDirectoryStatistics(request: GetDirectoryStatisticsRequest): GetDirectoryStatisticsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getDirectoryStatisticsWithOptions(request, runtime);
}

model GetExternalSAMLIdentityProviderRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetExternalSAMLIdentityProviderResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='96D1E5FF-0301-5636-8D33-071E033CFB82'),
  SAMLIdentityProviderConfiguration?: {
    bindingType?: string(name='BindingType', description='The Binding method for initiating a SAML request. Values:

- Post: Initiate the SAML request using the Post method. 
- Redirect: Initiate the SAML request using the Redirect method.', example='Post'),
    certificateIds?: [ string ](name='CertificateIds', description='The ID of the SAML signing certificate.'),
    createTime?: string(name='CreateTime', description='The time when the IdP was configured for the first time.', example='2021-11-09T09:30:13Z'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    encodedMetadataDocument?: string(name='EncodedMetadataDocument', description='The metadata file of the IdP. The value of this parameter is Base64-encoded.', example='PD94bWwgdmVyc2lvbj0iMS4****'),
    entityId?: string(name='EntityId', description='The entity ID of the IdP.', example='http://www.okta.com/exk3qwgtjhetR2Od****'),
    loginUrl?: string(name='LoginUrl', description='The logon URL of the IdP.'),
    SSOStatus?: string(name='SSOStatus', description='The status of SSO logon. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
    updateTime?: string(name='UpdateTime', description='The time when the IdP configurations were last modified.', example='2021-11-09T09:30:22Z'),
    wantRequestSigned?: boolean(name='WantRequestSigned', description='Indicates whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:

*   true: yes
*   false: no (default)', example='false'),
  }(name='SAMLIdentityProviderConfiguration', description='The configurations of the IdP.'),
}

model GetExternalSAMLIdentityProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetExternalSAMLIdentityProviderResponseBody(name='body'),
}

/**
 * @summary Queries the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).
 *
 * @description This topic provides an example on how to query the configurations of the SAML IdP within the directory `d-00fc2p61****`.
 *
 * @param request GetExternalSAMLIdentityProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetExternalSAMLIdentityProviderResponse
 */
async function getExternalSAMLIdentityProviderWithOptions(request: GetExternalSAMLIdentityProviderRequest, runtime: Util.RuntimeOptions): GetExternalSAMLIdentityProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetExternalSAMLIdentityProvider',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).
 *
 * @description This topic provides an example on how to query the configurations of the SAML IdP within the directory `d-00fc2p61****`.
 *
 * @param request GetExternalSAMLIdentityProviderRequest
 * @return GetExternalSAMLIdentityProviderResponse
 */
async function getExternalSAMLIdentityProvider(request: GetExternalSAMLIdentityProviderRequest): GetExternalSAMLIdentityProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return getExternalSAMLIdentityProviderWithOptions(request, runtime);
}

model GetGroupRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
}

model GetGroupResponseBody = {
  group?: {
    createTime?: string(name='CreateTime', description='The time when the group was created.', example='2021-11-01T02:38:27Z'),
    description?: string(name='Description', description='The description of the group.', example='This is a group.'),
    groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
    groupName?: string(name='GroupName', description='The name of the group.', example='TestGroup'),
    provisionType?: string(name='ProvisionType', description='The type of the group. Valid values:

*   Manual: The group is manually created.
*   Synchronized: The group is synchronized from an external identity provider (IdP).', example='Manual'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the group was modified.', example='2021-11-01T02:38:27Z'),
  }(name='Group', description='The information about the group.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='768F908D-A66A-5A5D-816C-20C93CBBFEE3'),
}

model GetGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetGroupResponseBody(name='body'),
}

/**
 * @summary Queries information about a group.
 *
 * @description This topic provides an example on how to query the information about the group `g-00jqzghi2n3o5hkh****` in the directory `d-00fc2p61****`.
 *
 * @param request GetGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetGroupResponse
 */
async function getGroupWithOptions(request: GetGroupRequest, runtime: Util.RuntimeOptions): GetGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetGroup',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries information about a group.
 *
 * @description This topic provides an example on how to query the information about the group `g-00jqzghi2n3o5hkh****` in the directory `d-00fc2p61****`.
 *
 * @param request GetGroupRequest
 * @return GetGroupResponse
 */
async function getGroup(request: GetGroupRequest): GetGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return getGroupWithOptions(request, runtime);
}

model GetLoginPreferenceRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetLoginPreferenceResponseBody = {
  loginPreference?: {
    allowUserToGetCredentials?: boolean(name='AllowUserToGetCredentials', description='Whether the user can obtain program access credentials on the portal after logging in. Values: 
- True: Yes. 
- False (default): No.', example='True'),
    loginNetworkMasks?: string(name='LoginNetworkMasks', description='The IP address whitelist. CloudSSO users can log on to the CloudSSO user portal only by using the IP addresses in the whitelist.

The IP address whitelist takes effect only on CloudSSO users who want to log on to the CloudSSO user portal by using the username-password logon or single sign-on (SSO) method. The IP address whitelist does not take effect on CloudSSO users who access accounts in a resource directory from the CloudSSO user portal.

If the return value of this parameter is empty, no IP address whitelists are configured.', example='192.168.0.0/16;10.0.0.0/8'),
  }(name='LoginPreference', description='The logon preference.'),
  requestId?: string(name='RequestId', description='The request ID.', example='8CE8B990-193D-50CE-A604-69F3E7DCE740'),
}

model GetLoginPreferenceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetLoginPreferenceResponseBody(name='body'),
}

/**
 * @summary Queries the logon preference of CloudSSO users.
 *
 * @param request GetLoginPreferenceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetLoginPreferenceResponse
 */
async function getLoginPreferenceWithOptions(request: GetLoginPreferenceRequest, runtime: Util.RuntimeOptions): GetLoginPreferenceResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetLoginPreference',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the logon preference of CloudSSO users.
 *
 * @param request GetLoginPreferenceRequest
 * @return GetLoginPreferenceResponse
 */
async function getLoginPreference(request: GetLoginPreferenceRequest): GetLoginPreferenceResponse {
  var runtime = new Util.RuntimeOptions{};
  return getLoginPreferenceWithOptions(request, runtime);
}

model GetMFAAuthenticationSettingInfoRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='u-00q8wbq42wiltcrk****'),
}

model GetMFAAuthenticationSettingInfoResponseBody = {
  MFAAuthenticationSettingInfo?: {
    mfaAuthenticationAdvanceSettings?: string(name='MfaAuthenticationAdvanceSettings', description='The MFA policy of all users. Valid values:

*   Enabled: MFA is enabled for all users.
*   Byuser: User-specific settings are applied. For more information about how to configure MFA for a single user, see [UpdateUserMFAAuthenticationSettings](https://help.aliyun.com/document_detail/450135.html).
*   Disabled: MFA is disabled for all users.
*   OnlyRiskyLogin: MFA is required only for unusual logons.', example='OnlyRiskyLogin'),
    operationForRiskLogin?: string(name='OperationForRiskLogin', description='The MFA policy for unusual logons. Valid values:

*   Autonomous: MFA is prompted for users who initiated unusual logons. However, the users are allowed to skip MFA. If an MFA device is bound to a user who initiated an unusual logon, the user must pass MFA.
*   EnforceVerify: MFA is required. If no MFA devices are bound to a user who initiated an unusual logon, the user must bind an MFA device. If an MFA device is already bound to a user who initiated an unusual logon, the user must pass MFA.

> This parameter is displayed only when Byuser or OnlyRiskyLogin is returned for the MfaAuthenticationAdvanceSettings parameter.', example='EnforceVerify'),
  }(name='MFAAuthenticationSettingInfo', description='The MFA setting of all users.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E'),
}

model GetMFAAuthenticationSettingInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetMFAAuthenticationSettingInfoResponseBody(name='body'),
}

/**
 * @summary Queries the multi-factor authentication (MFA) setting of all users.
 *
 * @description If you enable username-password logon for CloudSSO users, you can also configure MFA for the users.
 * This topic provides an example on how to query the MFA setting of all CloudSSO users that belong to the directory named `00q8wbq42wiltcrk****`.
 *
 * @param request GetMFAAuthenticationSettingInfoRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetMFAAuthenticationSettingInfoResponse
 */
async function getMFAAuthenticationSettingInfoWithOptions(request: GetMFAAuthenticationSettingInfoRequest, runtime: Util.RuntimeOptions): GetMFAAuthenticationSettingInfoResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetMFAAuthenticationSettingInfo',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the multi-factor authentication (MFA) setting of all users.
 *
 * @description If you enable username-password logon for CloudSSO users, you can also configure MFA for the users.
 * This topic provides an example on how to query the MFA setting of all CloudSSO users that belong to the directory named `00q8wbq42wiltcrk****`.
 *
 * @param request GetMFAAuthenticationSettingInfoRequest
 * @return GetMFAAuthenticationSettingInfoResponse
 */
async function getMFAAuthenticationSettingInfo(request: GetMFAAuthenticationSettingInfoRequest): GetMFAAuthenticationSettingInfoResponse {
  var runtime = new Util.RuntimeOptions{};
  return getMFAAuthenticationSettingInfoWithOptions(request, runtime);
}

model GetMFAAuthenticationSettingsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetMFAAuthenticationSettingsResponseBody = {
  MFAAuthenticationAdvanceSettings?: string(name='MFAAuthenticationAdvanceSettings', description='Indicates whether MFA is enabled for all users. Valid values:

*   Enabled: MFA is enabled for all users.
*   Byuser: User-specific settings are applied.
*   Disabled: MFA is disabled for all users.', example='Enabled'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='A2BC00C5-76A2-5FFC-A340-927940A98377'),
}

model GetMFAAuthenticationSettingsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetMFAAuthenticationSettingsResponseBody(name='body'),
}

/**
 * @summary Queries the multi-factor authentication (MFA) setting of all users.
 *
 * @description > This operation is no longer maintained and updated. You can call the [GetMFAAuthenticationSettingInfo](https://help.aliyun.com/document_detail/611286.html) operation to query more detailed information.
 * This topic provides an example on how to query the MFA setting of the users that belong to the directory named `d-00fc2p61****`. The returned result shows that MFA is enabled for all the users.
 *
 * @param request GetMFAAuthenticationSettingsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetMFAAuthenticationSettingsResponse
 */
async function getMFAAuthenticationSettingsWithOptions(request: GetMFAAuthenticationSettingsRequest, runtime: Util.RuntimeOptions): GetMFAAuthenticationSettingsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetMFAAuthenticationSettings',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the multi-factor authentication (MFA) setting of all users.
 *
 * @description > This operation is no longer maintained and updated. You can call the [GetMFAAuthenticationSettingInfo](https://help.aliyun.com/document_detail/611286.html) operation to query more detailed information.
 * This topic provides an example on how to query the MFA setting of the users that belong to the directory named `d-00fc2p61****`. The returned result shows that MFA is enabled for all the users.
 *
 * @param request GetMFAAuthenticationSettingsRequest
 * @return GetMFAAuthenticationSettingsResponse
 */
async function getMFAAuthenticationSettings(request: GetMFAAuthenticationSettingsRequest): GetMFAAuthenticationSettingsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getMFAAuthenticationSettingsWithOptions(request, runtime);
}

model GetMFAAuthenticationStatusRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetMFAAuthenticationStatusResponseBody = {
  MFAAuthenticationStatus?: string(name='MFAAuthenticationStatus', description='The status of MFA. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='5E688346-DF1A-5537-9BFC-8A9974D29586'),
}

model GetMFAAuthenticationStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetMFAAuthenticationStatusResponseBody(name='body'),
}

/**
 * @summary Checks whether multi-factor authentication (MFA) is enabled for users.
 *
 * @description This topic provides an example on how to check whether MFA is enabled for users in the directory whose ID is `00fc2p61****`. The returned result shows that MFA is in the Enabled state.
 *
 * @param request GetMFAAuthenticationStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetMFAAuthenticationStatusResponse
 */
async function getMFAAuthenticationStatusWithOptions(request: GetMFAAuthenticationStatusRequest, runtime: Util.RuntimeOptions): GetMFAAuthenticationStatusResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetMFAAuthenticationStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Checks whether multi-factor authentication (MFA) is enabled for users.
 *
 * @description This topic provides an example on how to check whether MFA is enabled for users in the directory whose ID is `00fc2p61****`. The returned result shows that MFA is in the Enabled state.
 *
 * @param request GetMFAAuthenticationStatusRequest
 * @return GetMFAAuthenticationStatusResponse
 */
async function getMFAAuthenticationStatus(request: GetMFAAuthenticationStatusRequest): GetMFAAuthenticationStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return getMFAAuthenticationStatusWithOptions(request, runtime);
}

model GetPasswordPolicyRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetPasswordPolicyResponseBody = {
  passwordPolicy?: {
    hardExpire?: boolean(name='HardExpire', description='Indicates whether to disable logon after a password expires. Valid values:

*   true: disables logon after a password expires.
*   false: does not disable logon after a password expires.', example='true'),
    maxLoginAttempts?: int32(name='MaxLoginAttempts', description='The number of password retries.

If wrong passwords are entered for the specified consecutive times, the account is locked for 1 hour.

Valid values: 0 to 32. The value 0 indicates that the number of password retries is not limited.', example='5'),
    maxPasswordAge?: int32(name='MaxPasswordAge', description='The validity period of a password.

Valid values: 1 to 120. Unit: days.', example='90'),
    maxPasswordLength?: int32(name='MaxPasswordLength', description='The maximum password length.', example='32'),
    minPasswordDifferentChars?: int32(name='MinPasswordDifferentChars', description='The minimum number of different characters in a password.

The minimum value is 0, which indicates that the minimum number of different characters in a password is not limited. The maximum value is the value of the `MinPasswordLength` parameter.', example='8'),
    minPasswordLength?: int32(name='MinPasswordLength', description='The minimum password length.

Valid values: 8 to 32 characters.', example='8'),
    passwordNotContainUsername?: boolean(name='PasswordNotContainUsername', description='Indicates whether to exclude the username from the password. Valid values:

*   true: A password cannot contain the username.
*   false: A password can contain the username.', example='true'),
    passwordReusePrevention?: int32(name='PasswordReusePrevention', description='The policy for password history check.

The previous N passwords cannot be reused. Valid values of N: 0 to 24. The value 0 indicates that all historical passwords can be reused.

>  Passwords that are generated before January 5, 2024 are not counted as historical passwords.', example='1'),
    requireLowerCaseChars?: boolean(name='RequireLowerCaseChars', description='Indicates whether lowercase letters are required in a password. Valid values:

*   true: Lowercase letters are required in a password.
*   false: Lowercase letters are not required in a password.', example='true'),
    requireNumbers?: boolean(name='RequireNumbers', description='Indicates whether digits are required in a password. Valid values:

*   true: Digits are required in a password.
*   false: Digits are not required in a password.', example='true'),
    requireSymbols?: boolean(name='RequireSymbols', description='Indicates whether special characters are required in a password. Valid values:

*   true: Special characters are required in a password.
*   false: Special characters are not required in a password.', example='true'),
    requireUpperCaseChars?: boolean(name='RequireUpperCaseChars', description='Indicates whether uppercase letters are required in a password. Valid values:

*   true: Uppercase letters are required in a password.
*   false: Uppercase letters are not required in a password.', example='true'),
  }(name='PasswordPolicy', description='The password policy.'),
  requestId?: string(name='RequestId', description='The request ID.', example='B7C6E839-FB65-59BE-B753-003AA8AF7DF7'),
}

model GetPasswordPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetPasswordPolicyResponseBody(name='body'),
}

/**
 * @summary Queries the password policy of CloudSSO users.
 *
 * @param request GetPasswordPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetPasswordPolicyResponse
 */
async function getPasswordPolicyWithOptions(request: GetPasswordPolicyRequest, runtime: Util.RuntimeOptions): GetPasswordPolicyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetPasswordPolicy',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the password policy of CloudSSO users.
 *
 * @param request GetPasswordPolicyRequest
 * @return GetPasswordPolicyResponse
 */
async function getPasswordPolicy(request: GetPasswordPolicyRequest): GetPasswordPolicyResponse {
  var runtime = new Util.RuntimeOptions{};
  return getPasswordPolicyWithOptions(request, runtime);
}

model GetSCIMSynchronizationStatusRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model GetSCIMSynchronizationStatusResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='7C086C2F-1C66-57B3-B14E-2C1DA70727CD'),
  SCIMSynchronizationStatus?: string(name='SCIMSynchronizationStatus', description='The status of SCIM synchronization. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
}

model GetSCIMSynchronizationStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetSCIMSynchronizationStatusResponseBody(name='body'),
}

/**
 * @summary Queries the status of System for Cross-domain Identity Management (SCIM) synchronization.
 *
 * @description This topic provides an example on how to query the status of SCIM synchronization within the directory `d-00fc2p61****`. The returned result shows that SCIM synchronization is in the Enabled state.
 *
 * @param request GetSCIMSynchronizationStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetSCIMSynchronizationStatusResponse
 */
async function getSCIMSynchronizationStatusWithOptions(request: GetSCIMSynchronizationStatusRequest, runtime: Util.RuntimeOptions): GetSCIMSynchronizationStatusResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetSCIMSynchronizationStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the status of System for Cross-domain Identity Management (SCIM) synchronization.
 *
 * @description This topic provides an example on how to query the status of SCIM synchronization within the directory `d-00fc2p61****`. The returned result shows that SCIM synchronization is in the Enabled state.
 *
 * @param request GetSCIMSynchronizationStatusRequest
 * @return GetSCIMSynchronizationStatusResponse
 */
async function getSCIMSynchronizationStatus(request: GetSCIMSynchronizationStatusRequest): GetSCIMSynchronizationStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return getSCIMSynchronizationStatusWithOptions(request, runtime);
}

model GetServiceStatusResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='ADADC31D-90EE-5459-99B0-D83DF07769A3'),
  serviceStatus?: {
    accountId?: string(name='AccountId', description='The ID of your Alibaba Cloud account.', example='151266687691****'),
    prerequisiteCheckResult?: string(name='PrerequisiteCheckResult', description='Indicates whether you have permissions to enable CloudSSO. Valid values:

*   Success: You have permissions to enable CloudSSO.
*   Failed: You do not have permissions to enable CloudSSO.

>  The value of this parameter is returned only if the value of `Status` is `Disabled`.', example='Success'),
    regionsInUse?: [ string ](name='RegionsInUse', description='The ID of the region.'),
    status?: string(name='Status', description='Indicates whether CloudSSO is enabled. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
  }(name='ServiceStatus', description='The status information of CloudSSO.'),
}

model GetServiceStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetServiceStatusResponseBody(name='body'),
}

/**
 * @summary Queries the status of CloudSSO.
 *
 * @param request GetServiceStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetServiceStatusResponse
 */
async function getServiceStatusWithOptions(runtime: Util.RuntimeOptions): GetServiceStatusResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'GetServiceStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the status of CloudSSO.
 *
 * @return GetServiceStatusResponse
 */
async function getServiceStatus(): GetServiceStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return getServiceStatusWithOptions(runtime);
}

model GetTaskRequest {
  directoryId?: string(name='DirectoryId', description='The directory ID.', example='d-00fc2p61****'),
  taskId?: string(name='TaskId', description='The task ID.', example='t-shfqw1u1edszvxw5****'),
}

model GetTaskResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='923CA5E8-57BF-5E15-8BA6-E75A966B7E3F'),
  task?: {
    accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
    accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
    endTime?: string(name='EndTime', description='The end time of the task.', example='2021-11-05T02:58:08Z'),
    failureReason?: string(name='FailureReason', description='The cause of the task failure.

>  This parameter is returned only when the value of `Status` is `Failed`.', example='No Permission.'),
    principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity.', example='u-00q8wbq42wiltcrk****'),
    principalName?: string(name='PrincipalName', description='The name of the CloudSSO identity.', example='Alice'),
    principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. Valid values:

*   User
*   Group', example='User'),
    startTime?: string(name='StartTime', description='The start time of the task.', example='2021-11-05T02:58:07Z'),
    status?: string(name='Status', description='The task status. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='Success'),
    targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
    targetName?: string(name='TargetName', description='The name of the task object.', example='dev-test'),
    targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
    targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
    targetType?: string(name='TargetType', description='The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', example='RD-Account'),
    taskId?: string(name='TaskId', description='The task ID.', example='t-shfqw1u1edszvxw5****'),
    taskType?: string(name='TaskType', description='The task type. Valid values:

*   ProvisionAccessConfiguration: An access configuration is provisioned.
*   DeprovisionAccessConfiguration: An access configuration is de-provisioned.
*   CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.
*   DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.', example='DeleteAccessAssignment'),
  }(name='Task', description='The task information.'),
}

model GetTaskResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetTaskResponseBody(name='body'),
}

/**
 * @summary Queries information about an asynchronous task.
 *
 * @description This topic provides an example on how to query the information about the task whose ID is `t-shfqw1u1edszvxw5****`.
 *
 * @param request GetTaskRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetTaskResponse
 */
async function getTaskWithOptions(request: GetTaskRequest, runtime: Util.RuntimeOptions): GetTaskResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.taskId)) {
    query['TaskId'] = request.taskId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetTask',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries information about an asynchronous task.
 *
 * @description This topic provides an example on how to query the information about the task whose ID is `t-shfqw1u1edszvxw5****`.
 *
 * @param request GetTaskRequest
 * @return GetTaskResponse
 */
async function getTask(request: GetTaskRequest): GetTaskResponse {
  var runtime = new Util.RuntimeOptions{};
  return getTaskWithOptions(request, runtime);
}

model GetTaskStatusRequest {
  directoryId?: string(name='DirectoryId', description='The directory ID.', example='d-00fc2p61****'),
  taskId?: string(name='TaskId', description='The task ID.', example='t-shfqw1u1edszvxw5****'),
}

model GetTaskStatusResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='005F4623-AE53-504D-830F-44825F7DC211'),
  taskStatus?: {
    endTime?: string(name='EndTime', description='The end time of the task.', example='2021-11-05T02:58:08Z'),
    failureReason?: string(name='FailureReason', description='The cause of the task failure.

>  This parameter is returned only when the value of `Status` is `Failed`.', example='No Permission.'),
    startTime?: string(name='StartTime', description='The start time of the task.', example='2021-11-05T02:58:07Z'),
    status?: string(name='Status', description='The task status. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='Success'),
    taskId?: string(name='TaskId', description='The task ID.', example='t-shfqw1u1edszvxw5****'),
    taskType?: string(name='TaskType', description='The task type. Valid values:

*   ProvisionAccessConfiguration: An access configuration is provisioned.
*   DeprovisionAccessConfiguration: An access configuration is de-provisioned.
*   CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.
*   DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.', example='DeleteAccessAssignment'),
  }(name='TaskStatus', description='The status information about the task.'),
}

model GetTaskStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetTaskStatusResponseBody(name='body'),
}

/**
 * @summary Queries the status of an asynchronous task.
 *
 * @description You can call the GetTaskStatus operation to query the status of an asynchronous task. If you want to query more information about an asynchronous task, call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation.
 * This topic provides an example on how to query the information about the task whose ID is `t-shfqw1u1edszvxw5****`.
 *
 * @param request GetTaskStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetTaskStatusResponse
 */
async function getTaskStatusWithOptions(request: GetTaskStatusRequest, runtime: Util.RuntimeOptions): GetTaskStatusResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.taskId)) {
    query['TaskId'] = request.taskId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetTaskStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the status of an asynchronous task.
 *
 * @description You can call the GetTaskStatus operation to query the status of an asynchronous task. If you want to query more information about an asynchronous task, call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation.
 * This topic provides an example on how to query the information about the task whose ID is `t-shfqw1u1edszvxw5****`.
 *
 * @param request GetTaskStatusRequest
 * @return GetTaskStatusResponse
 */
async function getTaskStatus(request: GetTaskStatusRequest): GetTaskStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return getTaskStatusWithOptions(request, runtime);
}

model GetUserRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-00fc2p61****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model GetUserResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='EE42D2C4-A30A-59B7-ACEB-6D22FB44174A'),
  user?: {
    createTime?: string(name='CreateTime', description='The time when the user was created. The value is displayed in UTC.', example='2021-10-26T03:03:42Z'),
    description?: string(name='Description', description='The description of the user.', example='This is a user.'),
    displayName?: string(name='DisplayName', description='The display name of the user.', example='Alice'),
    email?: string(name='Email', description='The email address of the user.', example='Alice@example.com'),
    externalId?: {
      id?: string(name='Id', description='The identifier of the user that is synchronized from an external IdP.', example='c73******a5fdd5'),
      issuer?: string(name='Issuer', description='The method for external identity synchronization. Only System for Cross-domain Identity Management (SCIM) synchronization is supported.', example='SCIM'),
    }(name='ExternalId', description='The identifier information about the user synchronized from an external IdP.'),
    firstName?: string(name='FirstName', description='The first name of the user.', example='Alice'),
    lastName?: string(name='LastName', description='The last name of the user.', example='Lee'),
    provisionType?: string(name='ProvisionType', description='The type of the user. Valid values:

*   Manual: The user is manually created.
*   Synchronized: The user is synchronized from an external identity provider (IdP).', example='Manual'),
    status?: string(name='Status', description='The status of the user. Valid values:

*   Enabled: The logon of the user is enabled.
*   Disabled: The logon of the user is disabled.', example='Enabled'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the user was modified. The value is displayed in UTC.', example='2021-10-26T06:43:55Z'),
    userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
    userName?: string(name='UserName', description='The name of the user.', example='Alice'),
  }(name='User', description='The information about the user.'),
}

model GetUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserResponseBody(name='body'),
}

/**
 * @summary Queries information about a user.
 *
 * @description This topic provides an example on how to query information about the user whose ID is `u-00q8wbq42wiltcrk****` in the `d-00fc2p61****` directory.
 *
 * @param request GetUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserResponse
 */
async function getUserWithOptions(request: GetUserRequest, runtime: Util.RuntimeOptions): GetUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUser',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries information about a user.
 *
 * @description This topic provides an example on how to query information about the user whose ID is `u-00q8wbq42wiltcrk****` in the `d-00fc2p61****` directory.
 *
 * @param request GetUserRequest
 * @return GetUserResponse
 */
async function getUser(request: GetUserRequest): GetUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserWithOptions(request, runtime);
}

model GetUserIdRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-00fc2p61****'),
  externalId?: {
    id?: string(name='Id', description='The identifier of the user that is synchronized from an external IdP.', example='c73******a5fdd5'),
    issuer?: string(name='Issuer', description='The method for external identity synchronization. Only System for Cross-domain Identity Management (SCIM) synchronization is supported.', example='SCIM'),
  }(name='ExternalId', description='The identifier information about the user that is synchronized from an external identity provider (IdP).'),
}

model GetUserIdShrinkRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-00fc2p61****'),
  externalIdShrink?: string(name='ExternalId', description='The identifier information about the user that is synchronized from an external identity provider (IdP).'),
}

model GetUserIdResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='A3A41736-A050-50B6-ABC5-590F376A0044'),
  userId?: string(name='UserId', description='The ID of the CloudSSO user.', example='u-d8d1iox****'),
}

model GetUserIdResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserIdResponseBody(name='body'),
}

/**
 * @summary Queries the ID of a user in a resource directory by using the ExternalId parameter.
 *
 * @param tmpReq GetUserIdRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserIdResponse
 */
async function getUserIdWithOptions(tmpReq: GetUserIdRequest, runtime: Util.RuntimeOptions): GetUserIdResponse {
  Util.validateModel(tmpReq);
  var request = new GetUserIdShrinkRequest{};
  OpenApiUtil.convert(tmpReq, request);
  if (!Util.isUnset(tmpReq.externalId)) {
    request.externalIdShrink = OpenApiUtil.arrayToStringWithSpecifiedStyle(tmpReq.externalId, 'ExternalId', 'json');
  }
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.externalIdShrink)) {
    query['ExternalId'] = request.externalIdShrink;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserId',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the ID of a user in a resource directory by using the ExternalId parameter.
 *
 * @param request GetUserIdRequest
 * @return GetUserIdResponse
 */
async function getUserId(request: GetUserIdRequest): GetUserIdResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserIdWithOptions(request, runtime);
}

model GetUserMFAAuthenticationSettingsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model GetUserMFAAuthenticationSettingsResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='5B598B62-85E6-5792-9DF1-246D251B07DA'),
  userMFAAuthenticationSettings?: string(name='UserMFAAuthenticationSettings', description='Indicates whether MFA is enabled for the user. Valid values:

*   Enabled: MFA is enabled for the user.
*   Disabled: MFA is disabled for the user.', example='Enabled'),
}

model GetUserMFAAuthenticationSettingsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserMFAAuthenticationSettingsResponseBody(name='body'),
}

/**
 * @summary Queries the multi-factor authentication (MFA) setting of a single user.
 *
 * @description This topic provides an example on how to query the MFA setting of the user named `u-00q8wbq42wiltcrk****`. The returned result shows that MFA is enabled for the user.
 *
 * @param request GetUserMFAAuthenticationSettingsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserMFAAuthenticationSettingsResponse
 */
async function getUserMFAAuthenticationSettingsWithOptions(request: GetUserMFAAuthenticationSettingsRequest, runtime: Util.RuntimeOptions): GetUserMFAAuthenticationSettingsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserMFAAuthenticationSettings',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the multi-factor authentication (MFA) setting of a single user.
 *
 * @description This topic provides an example on how to query the MFA setting of the user named `u-00q8wbq42wiltcrk****`. The returned result shows that MFA is enabled for the user.
 *
 * @param request GetUserMFAAuthenticationSettingsRequest
 * @return GetUserMFAAuthenticationSettingsResponse
 */
async function getUserMFAAuthenticationSettings(request: GetUserMFAAuthenticationSettingsRequest): GetUserMFAAuthenticationSettingsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserMFAAuthenticationSettingsWithOptions(request, runtime);
}

model GetUserProvisioningRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
}

model GetUserProvisioningResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
  userProvisioning?: {
    createTime?: string(name='CreateTime', description='The creation time.', example='2022-11-28T03:55:42Z'),
    deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Delete'),
    description?: string(name='Description', description='The description.', example='This is a user provisioning.'),
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
    duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
    ownerPk?: string(name='OwnerPk', description='The ID of the Alibaba Cloud account to which the resource directory belongs.', example='1639738******'),
    principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='g-02ha881d*****'),
    principalName?: string(name='PrincipalName', description='The identity name of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', example='testGroupName'),
    principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: indicates that the identity of the RAM user provisioning is a CloudSSO user.
*   Group: indicates that the identity of the RAM user provisioning is a CloudSSO user group.', example='Group'),
    status?: string(name='Status', description='The status of the RAM user provisioning. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
    targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', example='1743382******'),
    targetName?: string(name='TargetName', description='The name of the object for which you create the RAM user provisioning. The value is fixed as the name of the member in the resource directory.', example='testRdMember'),
    targetPath?: string(name='TargetPath', description='The path of the resource directory in which you create the RAM user provisioning for the member.'),
    targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='RD-Account'),
    updateTime?: string(name='UpdateTime', description='The modification time.', example='2022-11-28T03:55:42Z'),
    userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
  }(name='UserProvisioning', description='The information about the RAM user provisioning.'),
}

model GetUserProvisioningResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserProvisioningResponseBody(name='body'),
}

/**
 * @summary Queries a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserProvisioningResponse
 */
async function getUserProvisioningWithOptions(request: GetUserProvisioningRequest, runtime: Util.RuntimeOptions): GetUserProvisioningResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userProvisioningId)) {
    query['UserProvisioningId'] = request.userProvisioningId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserProvisioning',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningRequest
 * @return GetUserProvisioningResponse
 */
async function getUserProvisioning(request: GetUserProvisioningRequest): GetUserProvisioningResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserProvisioningWithOptions(request, runtime);
}

model GetUserProvisioningConfigurationRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-00fc2p61****'),
}

model GetUserProvisioningConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='66898413-EB80-556D-9429-06FE3548F672'),
  userProvisioningConfiguration?: {
    createTime?: string(name='CreateTime', description='The creation time.', example='2022-11-28T03:55:42Z'),
    defaultLandingPage?: string(name='DefaultLandingPage', description='The default URL for a CloudSSO user who logs on to the Alibaba Cloud Management Console.

Default value: https://homenew.console.aliyun.com.', example='https://homenew.console.aliyun.com'),
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-00fc2p61****'),
    sessionDuration?: int32(name='SessionDuration', description='The duration of the logon session.

Unit: hours.

Valid values: 1 to 24.

Default value: 6.', example='10'),
    updateTime?: string(name='UpdateTime', description='The modification time.', example='2022-11-28T03:55:42Z'),
  }(name='UserProvisioningConfiguration', description='The global configurations of the RAM user provisioning.'),
}

model GetUserProvisioningConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserProvisioningConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries the global configurations of a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserProvisioningConfigurationResponse
 */
async function getUserProvisioningConfigurationWithOptions(request: GetUserProvisioningConfigurationRequest, runtime: Util.RuntimeOptions): GetUserProvisioningConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserProvisioningConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the global configurations of a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningConfigurationRequest
 * @return GetUserProvisioningConfigurationResponse
 */
async function getUserProvisioningConfiguration(request: GetUserProvisioningConfigurationRequest): GetUserProvisioningConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserProvisioningConfigurationWithOptions(request, runtime);
}

model GetUserProvisioningEventRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  eventId?: string(name='EventId', description='The ID of the RAM user provisioning event.

You can call the [ListUserProvisioningEvents](https://help.aliyun.com/document_detail/2636305.html) operation to query the value of `EventId`.', example='upe-wjKyNDmZvyZOiRcJ****'),
}

model GetUserProvisioningEventResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='B801715C-97EA-3067-AC97-EF1EBECBB39C'),
  userProvisioningEvent?: {
    createTime?: string(name='CreateTime', description='The creation time. The time is displayed in UTC.', example='2022-11-28T03:55:42Z'),
    deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Delete'),
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
    duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
    errorCount?: long(name='ErrorCount', description='The number of execution failures.', example='3'),
    errorInfo?: string(name='ErrorInfo', description='The error message that is displayed when the last execution of the RAM user provisioning event failed.', example='OperationConflict.UserProvisioning.Process.fail.ImsUserExists'),
    eventId?: string(name='EventId', description='The ID of the RAM user provisioning event.', example='upe-wjKyNDmZvyZOiRcJ****'),
    latestAsyncTime?: string(name='LatestAsyncTime', description='The time at which the RAM user provisioning event was last executed. The time is displayed in UTC.', example='2022-11-28T03:55:42Z'),
    principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='g-02ha881d*****'),
    principalName?: string(name='PrincipalName', description='The identity name of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', example='exampleGroupName'),
    principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: The identity of the RAM user provisioning is a CloudSSO user.
*   Group: The identity of the RAM user provisioning is a CloudSSO user group.', example='Group'),
    sourceType?: string(name='SourceType', description='The type of the source operation. Valid values:

*   StartProvisioning: enables the RAM user provisioning.
*   DeleteProvisioning: deletes the RAM user provisioning.
*   AddUserToGroup: adds a user to a user group.
*   RemoveUserFromGroup: removes a user from a user group.
*   UserProvisioningDeletionClearing: deletes the RAM user provisioning and clears resources in the background.', example='AddUserToGroup'),
    targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning.

The value is fixed as the ID of the member in the resource directory.````', example='1743382******'),
    targetName?: string(name='TargetName', description='The name of the object for which you create the RAM user provisioning.

The value is fixed as the name of the member in the resource directory.````', example='exampleRdMember'),
    targetPath?: string(name='TargetPath', description='The path of the resource directory in which you create the RAM user provisioning for the object.'),
    targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='RD-Account'),
    updateTime?: string(name='UpdateTime', description='The modification time. The time is displayed in UTC.', example='2022-11-28T03:55:42Z'),
    userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning event.', example='up-002axzhapcbz6e63****'),
  }(name='UserProvisioningEvent', description='The RAM user provisioning event.'),
}

model GetUserProvisioningEventResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserProvisioningEventResponseBody(name='body'),
}

/**
 * @summary Queries the information about a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningEventRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserProvisioningEventResponse
 */
async function getUserProvisioningEventWithOptions(request: GetUserProvisioningEventRequest, runtime: Util.RuntimeOptions): GetUserProvisioningEventResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.eventId)) {
    query['EventId'] = request.eventId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserProvisioningEvent',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the information about a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningEventRequest
 * @return GetUserProvisioningEventResponse
 */
async function getUserProvisioningEvent(request: GetUserProvisioningEventRequest): GetUserProvisioningEventResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserProvisioningEventWithOptions(request, runtime);
}

model GetUserProvisioningRdAccountStatisticsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  rdMemberId?: string(name='RdMemberId', description='The ID of the member in the resource directory.', example='1743382******'),
}

model GetUserProvisioningRdAccountStatisticsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
  userProvisioningStatistics?: {
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
    entityId?: string(name='EntityId', description='The entity ID, which is the ID of the member in the resource directory.', example='1743382******'),
    failedEventCount?: long(name='FailedEventCount', description='The number of failed RAM user provisioning events.', example='4'),
    latestAsyncTime?: string(name='LatestAsyncTime', description='The time when the RAM user provisioning was last performed.', example='2022-11-28T03:55:42Z'),
    ownerPk?: string(name='OwnerPk', description='The ID of the Alibaba Cloud account to which the resource directory belongs.', example='1639738******'),
    type?: string(name='Type', description='The entity type. The value is fixed as `RD Account`.', example='RD Account'),
  }(name='UserProvisioningStatistics', description='The statistics of the RAM user provisioning.'),
}

model GetUserProvisioningRdAccountStatisticsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserProvisioningRdAccountStatisticsResponseBody(name='body'),
}

/**
 * @summary Queries statistics of Resource Access Management (RAM) user provisioning events that are created for the member in a resource directory.
 *
 * @param request GetUserProvisioningRdAccountStatisticsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserProvisioningRdAccountStatisticsResponse
 */
async function getUserProvisioningRdAccountStatisticsWithOptions(request: GetUserProvisioningRdAccountStatisticsRequest, runtime: Util.RuntimeOptions): GetUserProvisioningRdAccountStatisticsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.rdMemberId)) {
    query['RdMemberId'] = request.rdMemberId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserProvisioningRdAccountStatistics',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries statistics of Resource Access Management (RAM) user provisioning events that are created for the member in a resource directory.
 *
 * @param request GetUserProvisioningRdAccountStatisticsRequest
 * @return GetUserProvisioningRdAccountStatisticsResponse
 */
async function getUserProvisioningRdAccountStatistics(request: GetUserProvisioningRdAccountStatisticsRequest): GetUserProvisioningRdAccountStatisticsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserProvisioningRdAccountStatisticsWithOptions(request, runtime);
}

model GetUserProvisioningStatisticsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
}

model GetUserProvisioningStatisticsResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
  userProvisioningStatistics?: {
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
    entityId?: string(name='EntityId', description='The entity ID, which is the ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
    failedEventCount?: long(name='FailedEventCount', description='The number of failed RAM user provisioning events that are associated with the RAM user provisioning.', example='3'),
    latestAsyncTime?: string(name='LatestAsyncTime', description='The time when the RAM user provisioning was last performed.', example='2022-11-28T03:55:42Z'),
    ownerPk?: string(name='OwnerPk', description='The ID of the Alibaba Cloud account to which the resource directory belongs.', example='139665787317****'),
    type?: string(name='Type', description='The entity type. The value is fixed as `User Provisioning`.', example='User Provisioning'),
  }(name='UserProvisioningStatistics', description='The statistics of the RAM user provisioning.'),
}

model GetUserProvisioningStatisticsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserProvisioningStatisticsResponseBody(name='body'),
}

/**
 * @summary Queries the statistics of a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningStatisticsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserProvisioningStatisticsResponse
 */
async function getUserProvisioningStatisticsWithOptions(request: GetUserProvisioningStatisticsRequest, runtime: Util.RuntimeOptions): GetUserProvisioningStatisticsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userProvisioningId)) {
    query['UserProvisioningId'] = request.userProvisioningId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'GetUserProvisioningStatistics',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the statistics of a Resource Access Management (RAM) user provisioning.
 *
 * @param request GetUserProvisioningStatisticsRequest
 * @return GetUserProvisioningStatisticsResponse
 */
async function getUserProvisioningStatistics(request: GetUserProvisioningStatisticsRequest): GetUserProvisioningStatisticsResponse {
  var runtime = new Util.RuntimeOptions{};
  return getUserProvisioningStatisticsWithOptions(request, runtime);
}

model ListAccessAssignmentsRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration. The ID can be used to filter access permissions.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The directory ID.', example='d-00fc2p61****'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries per page.

Valid values: 1 to 20.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The pagination token that is used in the next request to retrieve a new page of results. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.

When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity. The ID can be used to filter access permissions.

*   If you set `PrincipalType` to User, set `PrincipalId` to the ID of the CloudSSO user.
*   If you set `PrincipalType` to Group, set `PrincipalId` to the ID of the CloudSSO group.

>  You can use the type to filter access permissions only if you specify both PrincipalId and `PrincipalType`.``', example='u-00q8wbq42wiltcrk****'),
  principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. The type can be used to filter access permissions. Valid values:

*   User
*   Group

>  You can use the type to filter access permissions only if you specify both PrincipalId and `PrincipalType`.``', example='User'),
  targetId?: string(name='TargetId', description='The ID of the task object. The ID can be used to filter access permissions.

>  You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', example='114240524784****'),
  targetType?: string(name='TargetType', description='The type of the task object. The type can be used to filter access permissions.

Set the value to RD-Account, which specifies the accounts in the resource directory.

>  You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', example='RD-Account'),
}

model ListAccessAssignmentsResponseBody = {
  accessAssignments?: [ 
    {
      accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
      accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
      createTime?: string(name='CreateTime', description='The time when the access permissions were assigned.', example='2021-11-04T10:03:08Z'),
      principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity.', example='u-00q8wbq42wiltcrk****'),
      principalName?: string(name='PrincipalName', description='The name of the CloudSSO identity.', example='Alice'),
      principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. Valid values:

*   User
*   Group', example='User'),
      targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
      targetName?: string(name='TargetName', description='The name of the task object.', example='dev-test'),
      targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
      targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
      targetType?: string(name='TargetType', description='The type of the task object.

The value is fixed as RD-Account, which indicates the accounts in the resource directory.', example='RD-Account'),
    }
  ](name='AccessAssignments', description='The access permissions that are assigned.'),
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true
*   false', example='false'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries returned per page.', example='10'),
  nextToken?: string(name='NextToken', description='The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results.

>  This parameter is returned only when the value of IsTruncated is `true`.``', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The request ID.', example='66898413-EB80-556D-9429-06FE3548F672'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='1'),
}

model ListAccessAssignmentsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAccessAssignmentsResponseBody(name='body'),
}

/**
 * @summary Queries the access permissions that are assigned.
 *
 * @description This topic provides an example on how to query the assigned access permissions on the account `114240524784****` in your resource directory. The returned result shows that access permissions on the account in your resource directory is assigned to one user.
 *
 * @param request ListAccessAssignmentsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAccessAssignmentsResponse
 */
async function listAccessAssignmentsWithOptions(request: ListAccessAssignmentsRequest, runtime: Util.RuntimeOptions): ListAccessAssignmentsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.principalId)) {
    query['PrincipalId'] = request.principalId;
  }
  if (!Util.isUnset(request.principalType)) {
    query['PrincipalType'] = request.principalType;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListAccessAssignments',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the access permissions that are assigned.
 *
 * @description This topic provides an example on how to query the assigned access permissions on the account `114240524784****` in your resource directory. The returned result shows that access permissions on the account in your resource directory is assigned to one user.
 *
 * @param request ListAccessAssignmentsRequest
 * @return ListAccessAssignmentsResponse
 */
async function listAccessAssignments(request: ListAccessAssignmentsRequest): ListAccessAssignmentsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAccessAssignmentsWithOptions(request, runtime);
}

model ListAccessConfigurationProvisioningsRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration. The ID can be used to filter access permissions.', example='ac-00ccule7tadaijxc****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries per page.

Valid values: 1 to 20.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.

When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  provisioningStatus?: string(name='ProvisioningStatus', description='The status of the access configuration. The value can be used to filter accounts. Valid values:

*   Provisioned: The access configuration is provisioned.
*   ReprovisionRequired: The access configuration needs to be re-provisioned.
*   DeprovisionFailed: The access configuration failed to be provisioned.', example='Provisioned'),
  targetId?: string(name='TargetId', description='The ID of the task object. The ID can be used to filter access permissions.

>  You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', example='114240524784****'),
  targetType?: string(name='TargetType', description='The type of the task object. The type can be used to filter access permissions.

Set the value to RD-Account, which specifies the accounts in the resource directory.

>  You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', example='RD-Account'),
}

model ListAccessConfigurationProvisioningsResponseBody = {
  accessConfigurationProvisionings?: [ 
    {
      accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00ccule7tadaijxc****'),
      accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='VPC-Admin'),
      createTime?: string(name='CreateTime', description='The first time when the access configuration was provisioned.', example='2021-07-26T08:54:14Z'),
      RAMPolicyNames?: [ string ](name='RAMPolicyNames', description='The name of the custom policy that is created for an account in the resource directory.'),
      RAMRoleName?: string(name='RAMRoleName', description='The name of the RAM role that is created for an account in the resource directory.', example='AliyunReservedSSO-VPC-Admin'),
      SAMLProviderName?: string(name='SAMLProviderName', description='The name of the Security Assertion Markup Language (SAML) identity provider (IdP) that is created within an account in the resource directory.', example='AliyunReservedSSO-d-00fc2p61****'),
      status?: string(name='Status', description='The status of the access configuration. Valid values:

*   Provisioned: The access configuration is provisioned.
*   ReprovisionRequired: The access configuration needs to be re-provisioned.
*   DeprovisionFailed: The access configuration failed to be provisioned.', example='Provisioned'),
      targetId?: string(name='TargetId', description='The ID of the task object.

If the value of TargetType is `RD-Account`, the value of this parameter is the UID of an account in the resource directory.', example='101522521960****'),
      targetName?: string(name='TargetName', description='The name of the task object.', example='SharedServices_5009****'),
      targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
      targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
      targetType?: string(name='TargetType', description='The type of the task object.

Set the value to RD-Account, which specifies the accounts in the resource directory.', example='RD-Account'),
      updateTime?: string(name='UpdateTime', description='The last time when the access configuration was provisioned.', example='2021-07-26T08:54:18Z'),
    }
  ](name='AccessConfigurationProvisionings', description='The accounts for which the access configuration is provisioned.'),
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true
*   false', example='false'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries returned per page.', example='10'),
  nextToken?: string(name='NextToken', description='The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results.

>  This parameter is returned only when the value of `IsTruncated` is `true`.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The request ID.', example='6BA1BDF1-D845-5D2C-B742-74BE2970E4C1'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='2'),
}

model ListAccessConfigurationProvisioningsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAccessConfigurationProvisioningsResponseBody(name='body'),
}

/**
 * @summary Queries the access configurations that are provisioned.
 *
 * @description This topic provides an example on how to query the accounts for which the access permission `ac-00ccule7tadaijxc****` is provisioned. The returned result shows that the access configuration is provisioned for two accounts in your resource directory.
 *
 * @param request ListAccessConfigurationProvisioningsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAccessConfigurationProvisioningsResponse
 */
async function listAccessConfigurationProvisioningsWithOptions(request: ListAccessConfigurationProvisioningsRequest, runtime: Util.RuntimeOptions): ListAccessConfigurationProvisioningsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.provisioningStatus)) {
    query['ProvisioningStatus'] = request.provisioningStatus;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListAccessConfigurationProvisionings',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the access configurations that are provisioned.
 *
 * @description This topic provides an example on how to query the accounts for which the access permission `ac-00ccule7tadaijxc****` is provisioned. The returned result shows that the access configuration is provisioned for two accounts in your resource directory.
 *
 * @param request ListAccessConfigurationProvisioningsRequest
 * @return ListAccessConfigurationProvisioningsResponse
 */
async function listAccessConfigurationProvisionings(request: ListAccessConfigurationProvisioningsRequest): ListAccessConfigurationProvisioningsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAccessConfigurationProvisioningsWithOptions(request, runtime);
}

model ListAccessConfigurationsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  filter?: string(name='Filter', description='The filter condition.

Specify the value in the \\\\<Attribute> \\\\<Operator> \\\\<Value> format. The value is not case sensitive. You can set \\\\<Attribute> only to AccessConfigurationName and \\\\<Operator> only to eq or sw. The value eq indicates Equals. The value sw indicates Starts With.

For example, if you set Filter to AccessConfigurationName sw test, the operation queries all access configurations whose names start with test. If you set Filter to AccessConfigurationName eq TestAccessConfiguration, the operation queries the access configuration whose name is TestAccessConfiguration.', example='AccessConfigurationName sw test'),
  maxResults?: int32(name='MaxResults', description='The number of entries to return on each page.

Valid values: 1 to 100.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The token to return for the next page. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.

When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  statusNotifications?: string(name='StatusNotifications', description='The status notification. The status notification can be used to filter access configurations.

Set the value to ReprovisionRequired, which indicates that the operation queries all access configurations that need to be re-provisioned.', example='ReprovisionRequired'),
}

model ListAccessConfigurationsResponseBody = {
  accessConfigurations?: [ 
    {
      accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
      accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
      createTime?: string(name='CreateTime', description='The time when the access configuration was created.', example='2021-11-02T08:44:23Z'),
      description?: string(name='Description', description='The description of the access configuration.', example='This is an access configuration.'),
      relayState?: string(name='RelayState', description='The initial web page that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.', example='https://cloudsso.console.aliyun.com'),
      sessionDuration?: int32(name='SessionDuration', description='The duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration.

Unit: seconds.', example='900'),
      statusNotifications?: [ string ](name='StatusNotifications', description='The status notification.'),
      updateTime?: string(name='UpdateTime', description='The time when the information about the access configuration was modified.', example='2021-11-02T08:44:23Z'),
    }
  ](name='AccessConfigurations', description='The access configurations.'),
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true: The queried entries are truncated.
*   false: The queried entries are not truncated.', example='false'),
  maxResults?: int32(name='MaxResults', description='The number of entries returned per page.', example='10'),
  nextToken?: string(name='NextToken', description='The token that is returned for the next page.

>  This parameter is returned only when the `IsTruncated` parameter is set to `true`.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='2BC0CBAC-45E1-5BD3-BF6E-F69D1D5391C2'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='2'),
}

model ListAccessConfigurationsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListAccessConfigurationsResponseBody(name='body'),
}

/**
 * @summary Queries access configurations.
 *
 * @description This topic provides an example on how to query the access configurations within the directory `d-00fc2p61****`. The returned result shows that the directory contains the `VPC-Admin` and `ECS-Admin` access configurations.
 *
 * @param request ListAccessConfigurationsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListAccessConfigurationsResponse
 */
async function listAccessConfigurationsWithOptions(request: ListAccessConfigurationsRequest, runtime: Util.RuntimeOptions): ListAccessConfigurationsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.filter)) {
    query['Filter'] = request.filter;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.statusNotifications)) {
    query['StatusNotifications'] = request.statusNotifications;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListAccessConfigurations',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries access configurations.
 *
 * @description This topic provides an example on how to query the access configurations within the directory `d-00fc2p61****`. The returned result shows that the directory contains the `VPC-Admin` and `ECS-Admin` access configurations.
 *
 * @param request ListAccessConfigurationsRequest
 * @return ListAccessConfigurationsResponse
 */
async function listAccessConfigurations(request: ListAccessConfigurationsRequest): ListAccessConfigurationsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listAccessConfigurationsWithOptions(request, runtime);
}

model ListDirectoriesResponseBody = {
  directories?: [ 
    {
      createTime?: string(name='CreateTime', description='The time when the directory was created.', example='2021-06-30T08:35:26Z'),
      directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
      directoryName?: string(name='DirectoryName', description='The name of the directory.', example='new-example'),
      region?: string(name='Region', description='The region ID of the directory.', example='cn-shanghai'),
      updateTime?: string(name='UpdateTime', description='The time when the directory was modified.', example='2021-10-25T09:13:24Z'),
    }
  ](name='Directories', description='The directories.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='9A504392-F06D-5029-AB64-6654CB9F1DC1'),
  totalCounts?: int32(name='TotalCounts', description='The number of directories.', example='1'),
}

model ListDirectoriesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListDirectoriesResponseBody(name='body'),
}

/**
 * @summary Queries directories.
 *
 * @description This topic provides an example on how to query the directories within your Alibaba Cloud account. The returned result shows that only one directory with the ID `d-00fc2p61****` is created within your Alibaba Cloud account.
 *
 * @param request ListDirectoriesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListDirectoriesResponse
 */
async function listDirectoriesWithOptions(runtime: Util.RuntimeOptions): ListDirectoriesResponse {
  var req = new OpenApi.OpenApiRequest{};
  var params = new OpenApi.Params{
    action = 'ListDirectories',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries directories.
 *
 * @description This topic provides an example on how to query the directories within your Alibaba Cloud account. The returned result shows that only one directory with the ID `d-00fc2p61****` is created within your Alibaba Cloud account.
 *
 * @return ListDirectoriesResponse
 */
async function listDirectories(): ListDirectoriesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listDirectoriesWithOptions(runtime);
}

model ListExternalSAMLIdPCertificatesRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model ListExternalSAMLIdPCertificatesResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='400979BC-92EC-58B9-B47C-6913BD56A6FD'),
  SAMLIdPCertificates?: [ 
    {
      certificateId?: string(name='CertificateId', description='The ID of the certificate.', example='idp-c-00dt9gnl7fmjaw9c****'),
      issuer?: string(name='Issuer', description='The issuer of the certificate.', example='1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US'),
      notAfter?: string(name='NotAfter', description='The time when the certificate expires.', example='2030-06-23T07:04:37Z'),
      notBefore?: string(name='NotBefore', description='The time when the certificate was created.', example='2020-06-23T07:03:37Z'),
      publicKey?: string(name='PublicKey', description='The public key of the certificate. The value of this parameter is in the PEM format and is Base64-encoded.', example='MIIBIjANBgkqhkiG****'),
      serialNumber?: string(name='SerialNumber', description='The serial number of the certificate.', example='159289587****'),
      signatureAlgorithm?: string(name='SignatureAlgorithm', description='The signature algorithm of the certificate.', example='SHA256withRSA'),
      subject?: string(name='Subject', description='The subject of the certificate.', example='1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US'),
      version?: int32(name='Version', description='The version of the certificate.', example='3'),
      x509Certificate?: string(name='X509Certificate', description='The X.509 certificate in the PEM format.', example='MIIDpDCCAoygAwIBAgIG****'),
    }
  ](name='SAMLIdPCertificates', description='The SAML signing certificates.'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='1'),
}

model ListExternalSAMLIdPCertificatesResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListExternalSAMLIdPCertificatesResponseBody(name='body'),
}

/**
 * @summary Queries Security Assertion Markup Language (SAML) signing certificates.
 *
 * @description This topic provides an example on how to query the SAML signing certificates within the directory `d-00fc2p61****`. The returned result shows that the directory contains one SAML signing certificate.
 *
 * @param request ListExternalSAMLIdPCertificatesRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListExternalSAMLIdPCertificatesResponse
 */
async function listExternalSAMLIdPCertificatesWithOptions(request: ListExternalSAMLIdPCertificatesRequest, runtime: Util.RuntimeOptions): ListExternalSAMLIdPCertificatesResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListExternalSAMLIdPCertificates',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries Security Assertion Markup Language (SAML) signing certificates.
 *
 * @description This topic provides an example on how to query the SAML signing certificates within the directory `d-00fc2p61****`. The returned result shows that the directory contains one SAML signing certificate.
 *
 * @param request ListExternalSAMLIdPCertificatesRequest
 * @return ListExternalSAMLIdPCertificatesResponse
 */
async function listExternalSAMLIdPCertificates(request: ListExternalSAMLIdPCertificatesRequest): ListExternalSAMLIdPCertificatesResponse {
  var runtime = new Util.RuntimeOptions{};
  return listExternalSAMLIdPCertificatesWithOptions(request, runtime);
}

model ListGroupMembersRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
  maxResults?: int32(name='MaxResults', description='The number of entries to return on each page.

Valid values: 1 to 100.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The token to return for the next page. If this is your first time to call this operation, you do not need to specify `NextToken` .

When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
}

model ListGroupMembersResponseBody = {
  groupMembers?: [ 
    {
      description?: string(name='Description', description='The description of the user.', example='This is a user.'),
      displayName?: string(name='DisplayName', description='The display name of the user.', example='Alice'),
      email?: string(name='Email', description='The email address of the user.', example='AliceLee@example.com'),
      groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
      joinTime?: string(name='JoinTime', description='The time when the user was added to the user group.', example='2021-11-01T06:58:18Z'),
      provisionType?: string(name='ProvisionType', description='The type of the user. Valid values:

*   Manual: The user is manually created.
*   Synchronized: The user is synchronized from an external identity provider (IdP).', example='Manual'),
      status?: string(name='Status', description='The status of the user. Valid values:

*   Enabled: The logon of the user is enabled.
*   Disabled: The logon of the user is disabled.', example='Enabled'),
      userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
      userName?: string(name='UserName', description='The name of the user.', example='Alice'),
    }
  ](name='GroupMembers', description='The users in the group.'),
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true: The queried entries are truncated.
*   false: The queried entries are not truncated.', example='false'),
  maxResults?: int32(name='MaxResults', description='The number of entries returned per page.', example='10'),
  nextToken?: string(name='NextToken', description='The token that is returned for the next page.

>  This parameter is returned only when the value of `IsTruncated` is `true`.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='BB759F84-2C64-5C36-B6C6-253172C5C370'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='2'),
}

model ListGroupMembersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupMembersResponseBody(name='body'),
}

/**
 * @summary Queries the users in a group.
 *
 * @description This topic provides an example on how to query the users in the group `g-00jqzghi2n3o5hkh****`. The returned result shows that the group contains the user `Alice` and the user `user1`.
 *
 * @param request ListGroupMembersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupMembersResponse
 */
async function listGroupMembersWithOptions(request: ListGroupMembersRequest, runtime: Util.RuntimeOptions): ListGroupMembersResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListGroupMembers',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the users in a group.
 *
 * @description This topic provides an example on how to query the users in the group `g-00jqzghi2n3o5hkh****`. The returned result shows that the group contains the user `Alice` and the user `user1`.
 *
 * @param request ListGroupMembersRequest
 * @return ListGroupMembersResponse
 */
async function listGroupMembers(request: ListGroupMembersRequest): ListGroupMembersResponse {
  var runtime = new Util.RuntimeOptions{};
  return listGroupMembersWithOptions(request, runtime);
}

model ListGroupsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  filter?: string(name='Filter', description='The filter condition.

Specify the value in the `<Attribute> <Operator> <Value>` format. The value is not case sensitive. You can set `<Attribute>` only to `GroupName` and `<Operator>` only to `eq` or `sw`. The value eq indicates Equals. The value sw indicates Starts With.

For example, if you set Filter to GroupName sw test, the operation queries the groups whose names start with test. If you set Filter to GroupName eq testgroup, the operation queries the group whose name is testgroup.', example='GroupName eq testgroup'),
  maxResults?: int32(name='MaxResults', description='The number of entries to return on each page.

Valid values: 1 to 100.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The token to return for the next page. If this is your first time to call this operation, you do not need to specify `NextToken`.

When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  provisionType?: string(name='ProvisionType', description='The type of the group. The type can be used to filter groups. Valid values:

*   Manual: The group is manually created.
*   Synchronized: The group is synchronized from an external identity provider (IdP).', example='Manual'),
}

model ListGroupsResponseBody = {
  groups?: [ 
    {
      createTime?: string(name='CreateTime', description='The time when the group was created.', example='2021-11-01T02:38:27Z'),
      description?: string(name='Description', description='The description of the group.', example='This is a group.'),
      groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
      groupName?: string(name='GroupName', description='The name of the group.', example='TestGroup'),
      provisionType?: string(name='ProvisionType', description='The type of the group. Valid values:

*   Manual: The group is manually created.
*   Synchronized: The group is synchronized from an external IdP.', example='Manual'),
      updateTime?: string(name='UpdateTime', description='The time when the information about the group was modified.', example='2021-11-01T02:38:27Z'),
    }
  ](name='Groups', description='The groups.'),
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true: The queried entries are truncated.
*   false: The queried entries are not truncated.', example='false'),
  maxResults?: int32(name='MaxResults', description='The number of entries returned per page.', example='10'),
  nextToken?: string(name='NextToken', description='The token that is returned for the next page.

>  This parameter is returned only when the `IsTruncated` parameter is set to `true`.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='768F908D-A66A-5A5D-816C-20C93CBBFEE3'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='3'),
}

model ListGroupsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsResponseBody(name='body'),
}

/**
 * @summary Queries groups.
 *
 * @description This topic provides an example on how to query the groups in the directory `d-00fc2p61****`. The returned result shows that the directory contains three groups. The groups `group1` and `group2` are synchronized from an external identity provider (IdP). The group `TestGroup` is manually created in CloudSSO.
 *
 * @param request ListGroupsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsResponse
 */
async function listGroupsWithOptions(request: ListGroupsRequest, runtime: Util.RuntimeOptions): ListGroupsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.filter)) {
    query['Filter'] = request.filter;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.provisionType)) {
    query['ProvisionType'] = request.provisionType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListGroups',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries groups.
 *
 * @description This topic provides an example on how to query the groups in the directory `d-00fc2p61****`. The returned result shows that the directory contains three groups. The groups `group1` and `group2` are synchronized from an external identity provider (IdP). The group `TestGroup` is manually created in CloudSSO.
 *
 * @param request ListGroupsRequest
 * @return ListGroupsResponse
 */
async function listGroups(request: ListGroupsRequest): ListGroupsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listGroupsWithOptions(request, runtime);
}

model ListJoinedGroupsForUserRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  maxResults?: int32(name='MaxResults', description='The number of entries to return on each page.

Valid values: 1 to 100.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The token to return for the next page. If this is your first time to call this operation, you do not need to specify `NextToken` .

When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model ListJoinedGroupsForUserResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true: The queried entries are truncated.
*   false: The queried entries are not truncated.', example='false'),
  joinedGroups?: [ 
    {
      description?: string(name='Description', description='The description of the group.', example='This is a group.'),
      groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
      groupName?: string(name='GroupName', description='The name of the group.', example='TestGroup'),
      joinTime?: string(name='JoinTime', description='The time when the user was added to the user group.', example='2021-11-01T06:58:18Z'),
      provisionType?: string(name='ProvisionType', description='The type of the group. Valid values:

*   Manual: The group is manually created.
*   Synchronized: The user is synchronized from an external identity provider (IdP).', example='Manual'),
      userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
    }
  ](name='JoinedGroups', description='The groups to which the user is added.'),
  maxResults?: int32(name='MaxResults', description='The number of entries returned per page.', example='10'),
  nextToken?: string(name='NextToken', description='The token that is returned for the next page.

>  This parameter is returned only when the value of `IsTruncated` is `true`.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='E9BBB45F-7877-5DE9-96A5-20E6CFA48929'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='2'),
}

model ListJoinedGroupsForUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListJoinedGroupsForUserResponseBody(name='body'),
}

/**
 * @summary Queries the groups to which a user is added.
 *
 * @description This topic provides an example on how to query the groups to which the user `u-00q8wbq42wiltcrk****` is added. The returned result shows that the user is added to both the `TestGroup` and the `group1` groups.
 *
 * @param request ListJoinedGroupsForUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListJoinedGroupsForUserResponse
 */
async function listJoinedGroupsForUserWithOptions(request: ListJoinedGroupsForUserRequest, runtime: Util.RuntimeOptions): ListJoinedGroupsForUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListJoinedGroupsForUser',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the groups to which a user is added.
 *
 * @description This topic provides an example on how to query the groups to which the user `u-00q8wbq42wiltcrk****` is added. The returned result shows that the user is added to both the `TestGroup` and the `group1` groups.
 *
 * @param request ListJoinedGroupsForUserRequest
 * @return ListJoinedGroupsForUserResponse
 */
async function listJoinedGroupsForUser(request: ListJoinedGroupsForUserRequest): ListJoinedGroupsForUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return listJoinedGroupsForUserWithOptions(request, runtime);
}

model ListMFADevicesForUserRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model ListMFADevicesForUserResponseBody = {
  MFADevices?: [ 
    {
      deviceId?: string(name='DeviceId', description='The ID of the MFA device.', example='mfa-00ujhet8pycljj7j****'),
      deviceName?: string(name='DeviceName', description='The name of the MFA device.', example='Alice-MFA1'),
      deviceType?: string(name='DeviceType', description='The type of the MFA device. The value is fixed as TOTP, which indicates a virtual MFA device. Virtual MFA devices are based on the Time-based One-time Password (TOTP) algorithm.', example='TOTP'),
      effectiveTime?: string(name='EffectiveTime', description='The time when the MFA device was enabled.', example='2021-10-29T09:14:06Z'),
      userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
    }
  ](name='MFADevices', description='The MFA devices.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='8B9982ED-FD0D-5622-8EA0-7B768685DCE7'),
  totalCounts?: int32(name='TotalCounts', description='The total number of MFA devices.', example='1'),
}

model ListMFADevicesForUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListMFADevicesForUserResponseBody(name='body'),
}

/**
 * @summary Queries the multi-factor authentication (MFA) devices that are bound to a user. Up to two MFA devices can be bound to a user.
 *
 * @description This topic provides an example on how to query the MFA devices that are bound to the user `u-00q8wbq42wiltcrk****`. The returned result shows that the MFA device named `Alice-MFA1` is bound to the user.
 *
 * @param request ListMFADevicesForUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListMFADevicesForUserResponse
 */
async function listMFADevicesForUserWithOptions(request: ListMFADevicesForUserRequest, runtime: Util.RuntimeOptions): ListMFADevicesForUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListMFADevicesForUser',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the multi-factor authentication (MFA) devices that are bound to a user. Up to two MFA devices can be bound to a user.
 *
 * @description This topic provides an example on how to query the MFA devices that are bound to the user `u-00q8wbq42wiltcrk****`. The returned result shows that the MFA device named `Alice-MFA1` is bound to the user.
 *
 * @param request ListMFADevicesForUserRequest
 * @return ListMFADevicesForUserResponse
 */
async function listMFADevicesForUser(request: ListMFADevicesForUserRequest): ListMFADevicesForUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return listMFADevicesForUserWithOptions(request, runtime);
}

model ListPermissionPoliciesInAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  permissionPolicyType?: string(name='PermissionPolicyType', description='The type of the policy. The type can be used to filter policies. Valid values:

*   System: system policy
*   Inline: inline policy

If you do not specify this parameter, all types of policies are queried.', example='System'),
}

model ListPermissionPoliciesInAccessConfigurationResponseBody = {
  permissionPolicies?: [ 
    {
      addTime?: string(name='AddTime', description='The time when the policy was created for the access configuration.', example='2021-11-03T06:37:25Z'),
      permissionPolicyDocument?: string(name='PermissionPolicyDocument', description='The configurations of the inline policy.

>  This parameter is returned only when the value of the PermissionPolicyType parameter is Inline.', example='{\\\\"Statement\\\\": [{\\\\"Action\\\\": \\\\"*\\\\",\\\\"Effect\\\\": \\\\"Allow\\\\",\\\\"Resource\\\\": \\\\"*\\\\"}],\\\\"Version\\\\": \\\\"1\\\\"}'),
      permissionPolicyName?: string(name='PermissionPolicyName', description='The name of the policy.', example='AliyunECSFullAccess'),
      permissionPolicyType?: string(name='PermissionPolicyType', description='The type of the policy.', example='System'),
    }
  ](name='PermissionPolicies', description='The policies.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='3A5E771F-1F5A-5555-A64E-579748AAFD98'),
  totalCounts?: int32(name='TotalCounts', description='The total number of policies.', example='2'),
}

model ListPermissionPoliciesInAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListPermissionPoliciesInAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Queries the policies that are created for an access configuration.
 *
 * @description This topic provides an example on how to query the policies that are created for the access configuration `ac-00jhtfl8thteu6uj****`. The returned result shows that the access configuration contains one system policy and one inline policy.
 *
 * @param request ListPermissionPoliciesInAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListPermissionPoliciesInAccessConfigurationResponse
 */
async function listPermissionPoliciesInAccessConfigurationWithOptions(request: ListPermissionPoliciesInAccessConfigurationRequest, runtime: Util.RuntimeOptions): ListPermissionPoliciesInAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.permissionPolicyType)) {
    query['PermissionPolicyType'] = request.permissionPolicyType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListPermissionPoliciesInAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries the policies that are created for an access configuration.
 *
 * @description This topic provides an example on how to query the policies that are created for the access configuration `ac-00jhtfl8thteu6uj****`. The returned result shows that the access configuration contains one system policy and one inline policy.
 *
 * @param request ListPermissionPoliciesInAccessConfigurationRequest
 * @return ListPermissionPoliciesInAccessConfigurationResponse
 */
async function listPermissionPoliciesInAccessConfiguration(request: ListPermissionPoliciesInAccessConfigurationRequest): ListPermissionPoliciesInAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return listPermissionPoliciesInAccessConfigurationWithOptions(request, runtime);
}

model ListSCIMServerCredentialsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model ListSCIMServerCredentialsResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='FE4B7037-C315-5DD5-826E-57A87950BCD1'),
  SCIMServerCredentials?: [ 
    {
      createTime?: string(name='CreateTime', description='The time when the SCIM credential was created.', example='2021-11-09T08:12:52Z'),
      credentialId?: string(name='CredentialId', description='The ID of the SCIM credential.', example='scimcred-004whl0kvfwcypbi****'),
      credentialType?: string(name='CredentialType', description='The type of the SCIM credential.', example='BearerToken'),
      directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
      expireTime?: string(name='ExpireTime', description='The time when the SCIM credential expires.', example='2022-11-09T08:12:52Z'),
      status?: string(name='Status', description='The status of the SCIM credential. Valid values:

*   Enabled: The SCIM credential is enabled.
*   Disabled: The SCIM credential is disabled.', example='Enabled'),
    }
  ](name='SCIMServerCredentials', description='The SCIM credentials.'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='1'),
}

model ListSCIMServerCredentialsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListSCIMServerCredentialsResponseBody(name='body'),
}

/**
 * @summary Queries Cross-domain Identity Management (SCIM) credentials.
 *
 * @description This topic provides an example on how to query the SCIM credentials within the `d-00fc2p61****` directory.
 *
 * @param request ListSCIMServerCredentialsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListSCIMServerCredentialsResponse
 */
async function listSCIMServerCredentialsWithOptions(request: ListSCIMServerCredentialsRequest, runtime: Util.RuntimeOptions): ListSCIMServerCredentialsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListSCIMServerCredentials',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries Cross-domain Identity Management (SCIM) credentials.
 *
 * @description This topic provides an example on how to query the SCIM credentials within the `d-00fc2p61****` directory.
 *
 * @param request ListSCIMServerCredentialsRequest
 * @return ListSCIMServerCredentialsResponse
 */
async function listSCIMServerCredentials(request: ListSCIMServerCredentialsRequest): ListSCIMServerCredentialsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listSCIMServerCredentialsWithOptions(request, runtime);
}

model ListTasksRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration. The ID can be used to filter access permissions.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  filter?: string(name='Filter', description='The filter condition.

The condition is not case-sensitive. The condition must be in the StartTime ge YYYY-MM-DDTHH:mm:SSZ format. You must set YYYY-MM-DDTHH:mm:SSZ to a value that is no more than 7 days from the current time. ge indicates Greater Than or Equals.

For example, if you set the Filter parameter to StartTime ge 2021-03-15T01:12:23Z, the operation queries the tasks from 2021-03-15T01:12:23 GMT.

>  If you do not specify this parameter, the operation queries the tasks within the previous 24 hours by default.', example='StartTime ge 2021-03-15T01:12:23Z'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries per page.

Valid values: 1 to 20.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The pagination token that is used in the next request to retrieve a new page of results. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.

When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity. The ID can be used to filter access permissions.

*   If you set `PrincipalType` to `User`, set `PrincipalId` to the ID of the CloudSSO user.
*   If you set `PrincipalType` to `Group`, set `PrincipalId` to the ID of the CloudSSO group.

>  You can use the type to filter access permissions only if you specify both `PrincipalId` and `PrincipalType`.', example='u-00q8wbq42wiltcrk****'),
  principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. The type can be used to filter access permissions. Valid values:

*   User
*   Group

>  You can use the type to filter access permissions only if you specify both `PrincipalId` and `PrincipalType`.', example='User'),
  status?: string(name='Status', description='The ID of the task. The ID can be used to filter tasks. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='Success'),
  targetId?: string(name='TargetId', description='The ID of the task object. The ID can be used to filter access permissions.

>  You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', example='114240524784****'),
  targetType?: string(name='TargetType', description='The type of the task object. The type can be used to filter access permissions.

Set the value to RD-Account, which specifies the accounts in the resource directory.

>  You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', example='RD-Account'),
  taskType?: string(name='TaskType', description='The type of the task. The type can be used to filter tasks. Valid values:

*   ProvisionAccessConfiguration: An access configuration is provisioned.
*   DeprovisionAccessConfiguration: An access configuration is de-provisioned.
*   CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.
*   DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.', example='CreateAccessAssignment'),
}

model ListTasksResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true
*   false', example='false'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries returned per page.', example='10'),
  nextToken?: string(name='NextToken', description='The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results.

>  This parameter is returned only when the value of `IsTruncated` is `true`.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The request ID.', example='C0DA2DFC-EB18-59EF-BD82-C30862EBA3A3'),
  tasks?: [ 
    {
      accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
      accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
      endTime?: string(name='EndTime', description='The end time of the task.', example='2021-11-09T05:50:50Z'),
      failureReason?: string(name='FailureReason', description='The cause of the task failure.

>  This parameter is returned only when the value of `Status` is `Failed`.', example='No Permission.'),
      principalId?: string(name='PrincipalId', description='The ID of the CloudSSO identity.', example='u-00q8wbq42wiltcrk****'),
      principalName?: string(name='PrincipalName', description='The name of the CloudSSO identity.', example='Alice'),
      principalType?: string(name='PrincipalType', description='The type of the CloudSSO identity. Valid values:

*   User
*   Group', example='User'),
      startTime?: string(name='StartTime', description='The start time of the task.', example='2021-11-09T05:50:50Z'),
      status?: string(name='Status', description='The task status. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='Success'),
      targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
      targetName?: string(name='TargetName', description='The name of the task object.', example='dev-test'),
      targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
      targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
      targetType?: string(name='TargetType', description='The type of the task object.

The value is fixed as RD-Account, which indicates the accounts in the resource directory.', example='RD-Account'),
      taskId?: string(name='TaskId', description='The ID of the job.', example='t-sh5k4gesm6twlrqb****'),
      taskType?: string(name='TaskType', description='The task type. Valid values:

*   ProvisionAccessConfiguration: An access configuration is provisioned.
*   DeprovisionAccessConfiguration: An access configuration is de-provisioned.
*   CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.
*   DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.', example='CreateAccessAssignment'),
    }
  ](name='Tasks', description='The tasks.'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='1'),
}

model ListTasksResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListTasksResponseBody(name='body'),
}

/**
 * @summary Queries asynchronous tasks.
 *
 * @description By default, this operation queries the tasks within the previous 24 hours. This operation allows you to query the tasks within a maximum of 7 days. You can specify the start time of the query by using `Filter`.
 * This topic provides an example on how to query the tasks within the previous 24 hours.
 *
 * @param request ListTasksRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListTasksResponse
 */
async function listTasksWithOptions(request: ListTasksRequest, runtime: Util.RuntimeOptions): ListTasksResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.filter)) {
    query['Filter'] = request.filter;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.principalId)) {
    query['PrincipalId'] = request.principalId;
  }
  if (!Util.isUnset(request.principalType)) {
    query['PrincipalType'] = request.principalType;
  }
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  if (!Util.isUnset(request.taskType)) {
    query['TaskType'] = request.taskType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListTasks',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries asynchronous tasks.
 *
 * @description By default, this operation queries the tasks within the previous 24 hours. This operation allows you to query the tasks within a maximum of 7 days. You can specify the start time of the query by using `Filter`.
 * This topic provides an example on how to query the tasks within the previous 24 hours.
 *
 * @param request ListTasksRequest
 * @return ListTasksResponse
 */
async function listTasks(request: ListTasksRequest): ListTasksResponse {
  var runtime = new Util.RuntimeOptions{};
  return listTasksWithOptions(request, runtime);
}

model ListUserProvisioningEventsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-00xz91nf****'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries per page.

Valid values: 1 to 100.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The token that is used to initiate the next request. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.

When you call this operation for the first time, if the total number of entries to return is larger than the value of `MaxResults`, the entries are truncated. The system returns entries based on the value of `MaxResults`, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
}

model ListUserProvisioningEventsResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true
*   false', example='false'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries per page.

Valid values: 1 to 100.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The token that is used to initiate the next request.

>  This parameter is returned only when the `IsTruncated` parameter is set to `true`.', example='2eEMmhmLa1b7Bbj9UzCgZUGj8DpDeG5TbNknuNKNP2h84KjJRnAb7vzzSDkYNmsidnAybyJYBfnPPB6xfgw54B1Wub2KQmC8LofzqBW2Y****'),
  requestId?: string(name='RequestId', description='The request ID.', example='0D85B43D-EF98-396D-B426-837E428D2D39'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='110'),
  userProvisioningEvents?: [ 
    {
      createTime?: string(name='CreateTime', description='The creation time. The time is displayed in UTC.', example='2022-11-28T03:55:55Z'),
      deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Keep'),
      directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
      duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
      errorCount?: long(name='ErrorCount', description='The number of execution failures.', example='1'),
      errorInfo?: string(name='ErrorInfo', description='The error message that is displayed when the last execution of the RAM user provisioning event failed.', example='OperationConflict.UserProvisioning.Process.fail.ImsUserExists'),
      eventId?: string(name='EventId', description='The ID of the RAM user provisioning event.', example='upe-wjKyNDmZvyZOiRcJ****'),
      latestAsyncTime?: string(name='LatestAsyncTime', description='The time at which the RAM user provisioning event was last executed. The time is displayed in UTC.', example='2022-11-28T03:55:55Z'),
      principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If you set the `PrincipalType` parameter to `Group`, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If you set the `PrincipalType` parameter to `User`, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='g-02ha881d*****'),
      principalName?: string(name='PrincipalName', description='The identity name of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', example='exampleGroupName'),
      principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: The identity of the RAM user provisioning is a CloudSSO user.
*   Group: The identity of the RAM user provisioning is a CloudSSO user group.', example='Group'),
      sourceType?: string(name='SourceType', description='The type of the source operation. Valid values:

*   StartProvisioning: enables the RAM user provisioning.
*   DeleteProvisioning: deletes the RAM user provisioning.
*   AddUserToGroup: adds a user to a user group.
*   RemoveUserFromGroup: removes a user from a user group.
*   UserProvisioningDeletionClearing: deletes the RAM user provisioning and clears resources in the background.', example='StartProvisioning'),
      targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning.

The value is fixed as the ID of the account in the resource directory.````', example='153218*******'),
      targetName?: string(name='TargetName', description='The name of the object for which you create the RAM user provisioning.

If `RD-Account` is returned, the value of this parameter is the name of the account that is used to access the instance.``', example='exampleRdMember'),
      targetPath?: string(name='TargetPath', description='The path of the resource directory in which you create the RAM user provisioning for the member.'),
      targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='RD-Account'),
      updateTime?: string(name='UpdateTime', description='The modification time. The time is displayed in UTC.', example='2022-11-28T03:55:55Z'),
      userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
    }
  ](name='UserProvisioningEvents', description='The RAM user provisioning events.'),
}

model ListUserProvisioningEventsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUserProvisioningEventsResponseBody(name='body'),
}

/**
 * @summary Queries Resource Access Management (RAM) user provisioning events.
 *
 * @param request ListUserProvisioningEventsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUserProvisioningEventsResponse
 */
async function listUserProvisioningEventsWithOptions(request: ListUserProvisioningEventsRequest, runtime: Util.RuntimeOptions): ListUserProvisioningEventsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.userProvisioningId)) {
    query['UserProvisioningId'] = request.userProvisioningId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListUserProvisioningEvents',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries Resource Access Management (RAM) user provisioning events.
 *
 * @param request ListUserProvisioningEventsRequest
 * @return ListUserProvisioningEventsResponse
 */
async function listUserProvisioningEvents(request: ListUserProvisioningEventsRequest): ListUserProvisioningEventsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUserProvisioningEventsWithOptions(request, runtime);
}

model ListUserProvisioningsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries per page.

Valid values: 1 to 100.

Default value: 10.', example='100'),
  nextToken?: string(name='NextToken', description='The token that is used to initiate the next request. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.

When you call this operation for the first time, if the total number of entries to return is larger than the value of `MaxResults`, the entries are truncated. The system returns entries based on the value of `MaxResults`, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', example='27EbL9j4ZgZjsMZFqbZFgbwQ1VXFU1Khcpx9e2vrW1zwzTBmTGWaM7ixHhRin8SCsxaJdazYVCzeKc2UF2QkyGb83cPhr8ZxrzoaiTd****'),
  principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='u-88d73u*****'),
  principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: The identity of the RAM user provisioning is a CloudSSO user.
*   Group: The identity of the RAM user provisioning is a CloudSSO user group.', example='RD-Account'),
  targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', example='1743382******'),
  targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='User'),
}

model ListUserProvisioningsResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true
*   false', example='true'),
  maxResults?: int32(name='MaxResults', description='The maximum number of entries per page.

Valid values: 1 to 100.

Default value: 10.', example='100'),
  nextToken?: string(name='NextToken', description='The token that is used to initiate the next request.

>  This parameter is returned only when the `IsTruncated` parameter is set to `true`.', example='27EbL9j4ZgZjsMZFqbZFgbwQ1VXFU1Khcpx9e2vrW1zwzTBmTGWaM7ixHhRin8SCsxaJdazYVCzeKc2UF2QkyGb83cPhr8ZxrzoaiTd****'),
  requestId?: string(name='RequestId', description='The request ID.', example='F76AF4FC-****-****-B7CB-74F3********'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='110'),
  userProvisionings?: [ 
    {
      createTime?: string(name='CreateTime', description='The creation time.', example='2022-11-28T03:55:42Z'),
      deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Delete'),
      description?: string(name='Description', description='The description.', example='this is a user provisioning.'),
      directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
      duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
      ownerPk?: string(name='OwnerPk', description='The ID of the Alibaba Cloud account to which the resource directory belongs.', example='1639738******'),
      principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='g-02ha881d*****'),
      principalName?: string(name='PrincipalName', description='The identity name of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', example='testGroupName'),
      principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: The identity of the RAM user provisioning is a CloudSSO user.
*   Group: The identity of the RAM user provisioning is a CloudSSO user group.', example='Group'),
      status?: string(name='Status', description='The status of the RAM user provisioning. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
      targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', example='1743382******'),
      targetName?: string(name='TargetName', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='testRdMember'),
      targetPath?: string(name='TargetPath', description='The path of the resource directory in which you create the RAM user provisioning for the object.'),
      targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='RD-Account'),
      updateTime?: string(name='UpdateTime', description='The modification time.', example='2022-11-28T03:55:42Z'),
      userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
    }
  ](name='UserProvisionings', description='The RAM user provisionings.'),
}

model ListUserProvisioningsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUserProvisioningsResponseBody(name='body'),
}

/**
 * @summary Queries Resource Access Management (RAM) user provisionings.
 *
 * @param request ListUserProvisioningsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUserProvisioningsResponse
 */
async function listUserProvisioningsWithOptions(request: ListUserProvisioningsRequest, runtime: Util.RuntimeOptions): ListUserProvisioningsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.principalId)) {
    query['PrincipalId'] = request.principalId;
  }
  if (!Util.isUnset(request.principalType)) {
    query['PrincipalType'] = request.principalType;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListUserProvisionings',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries Resource Access Management (RAM) user provisionings.
 *
 * @param request ListUserProvisioningsRequest
 * @return ListUserProvisioningsResponse
 */
async function listUserProvisionings(request: ListUserProvisioningsRequest): ListUserProvisioningsResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUserProvisioningsWithOptions(request, runtime);
}

model ListUsersRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-00fc2p61****'),
  filter?: string(name='Filter', description='The filter condition.

You must specify the value in the `<Attribute> <Operator> <Value>` format. The value is not case-sensitive. You can set `<Attribute>` only to `UserName` and `Operator` only to `eq` or `sw`. The value eq indicates Equals, and the value sw indicates Start With.

For example, if you set the Filter parameter to UserName sw test, the operation queries the users whose names start with test. If you set the Filter parameter to UserName eq testuser, the operation queries the user whose name is `testuser`.', example='UserName sw test'),
  maxResults?: int32(name='MaxResults', description='The number of entries per page.

Valid values: 1 to 100.

Default value: 10.', example='10'),
  nextToken?: string(name='NextToken', description='The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request. You must specify the token that is obtained from the previous query as the value of the `NextToken` parameter.

When you call this operation for the first time, if the total number of entries to return is larger than the value of the `MaxResults` parameter, the entries are truncated. The system returns entries based on the value of the `MaxResults` parameter, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and the `NextToken` parameter is returned. In the next call, you can use the value of the `NextToken` parameter and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of the `IsTruncated` parameter becomes `false`. This way, all entries are returned.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  provisionType?: string(name='ProvisionType', description='The type of the user. The parameter can be used to filter users. Valid values:

*   Manual: The user is manually created.
*   Synchronized: The user is synchronized from an external identity provider (IdP).', example='Manual'),
  status?: string(name='Status', description='The status of the user. The parameter can be used to filter users. Valid values:

*   Enabled: The logon of the user is enabled.
*   Disabled: The logon of the user is disabled.', example='Enabled'),
}

model ListUsersResponseBody = {
  isTruncated?: boolean(name='IsTruncated', description='Indicates whether the queried entries are truncated. Valid values:

*   true
*   false', example='false'),
  maxResults?: int32(name='MaxResults', description='The number of entries per page.', example='10'),
  nextToken?: string(name='NextToken', description='The pagination token that is used in the next request to retrieve a new page of results.

>  This parameter is returned only when the `IsTruncated` parameter is `true`.', example='K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****'),
  requestId?: string(name='RequestId', description='The request ID.', example='734D9AAC-9A8E-5DF6-A633-ADE70FF2A9B1'),
  totalCounts?: int32(name='TotalCounts', description='The total number of entries returned.', example='2'),
  users?: [ 
    {
      createTime?: string(name='CreateTime', description='The time when the user was created. The value is displayed in UTC.', example='2021-06-30T09:20:08Z'),
      description?: string(name='Description', description='The description of the user.', example='This is a user.'),
      displayName?: string(name='DisplayName', description='The display name of the user.', example='AliceLee'),
      email?: string(name='Email', description='The email address of the user.', example='AliceLee@example.onmicrosoft.com'),
      externalId?: {
        id?: string(name='Id', description='The identifier of the user that is synchronized from an external IdP.', example='c73******a5fdd5'),
        issuer?: string(name='Issuer', description='The method for external identity synchronization. Only System for Cross-domain Identity Management (SCIM) synchronization is supported.', example='SCIM'),
      }(name='ExternalId', description='The identifier information about the user synchronized from an external IdP.'),
      firstName?: string(name='FirstName', description='The first name of the user.', example='Alice'),
      lastName?: string(name='LastName', description='The last name of the user.', example='Lee'),
      provisionType?: string(name='ProvisionType', description='The type of the user. Valid values:

*   Manual: The user is manually created.
*   Synchronized: The user is synchronized from an external IdP.', example='Synchronized'),
      status?: string(name='Status', description='The status of the user. Valid values:

*   Enabled: The logon of the user is enabled.
*   Disabled: The logon of the user is disabled.', example='Enabled'),
      updateTime?: string(name='UpdateTime', description='The time when the information about the user was modified. The value is displayed in UTC.', example='2021-06-30T09:20:08Z'),
      userId?: string(name='UserId', description='The ID of the user.', example='u-00bikzkuzbb58luh****'),
      userName?: string(name='UserName', description='The name of the user.', example='AliceLee@example.onmicrosoft.com'),
    }
  ](name='Users', description='The users.'),
}

model ListUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersResponseBody(name='body'),
}

/**
 * @summary Queries users.
 *
 * @description This topic provides an example on how to query users in the `d-00fc2p61****` directory. The returned result shows that the directory contains two users. The user `AliceLee` is synchronized from an external identity provider (IdP). The user `user1` is manually created within CloudSSO.
 *
 * @param request ListUsersRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersResponse
 */
async function listUsersWithOptions(request: ListUsersRequest, runtime: Util.RuntimeOptions): ListUsersResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.filter)) {
    query['Filter'] = request.filter;
  }
  if (!Util.isUnset(request.maxResults)) {
    query['MaxResults'] = request.maxResults;
  }
  if (!Util.isUnset(request.nextToken)) {
    query['NextToken'] = request.nextToken;
  }
  if (!Util.isUnset(request.provisionType)) {
    query['ProvisionType'] = request.provisionType;
  }
  if (!Util.isUnset(request.status)) {
    query['Status'] = request.status;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ListUsers',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Queries users.
 *
 * @description This topic provides an example on how to query users in the `d-00fc2p61****` directory. The returned result shows that the directory contains two users. The user `AliceLee` is synchronized from an external identity provider (IdP). The user `user1` is manually created within CloudSSO.
 *
 * @param request ListUsersRequest
 * @return ListUsersResponse
 */
async function listUsers(request: ListUsersRequest): ListUsersResponse {
  var runtime = new Util.RuntimeOptions{};
  return listUsersWithOptions(request, runtime);
}

model ProvisionAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The directory ID.', example='d-00fc2p61****'),
  targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
  targetType?: string(name='TargetType', description='The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', example='RD-Account'),
}

model ProvisionAccessConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='DFDC16B2-4509-5FA6-9FA5-3CD35E4292FB'),
  tasks?: [ 
    {
      accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
      accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
      status?: string(name='Status', description='The task status. Valid values:

*   InProgress: The task is running.
*   Success: The task is successful.
*   Failed: The task failed.', example='InProgress'),
      targetId?: string(name='TargetId', description='The ID of the task object.', example='114240524784****'),
      targetName?: string(name='TargetName', description='The name of the task object.', example='dev-test'),
      targetPath?: string(name='TargetPath', description='The path ID of the task object in the resource directory.'),
      targetPathName?: string(name='TargetPathName', description='The path name of the task object in the resource directory.'),
      targetType?: string(name='TargetType', description='The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', example='RD-Account'),
      taskId?: string(name='TaskId', description='The task ID.', example='t-shqlhd8uvt280rtm****'),
      taskType?: string(name='TaskType', description='The task type. The value is fixed as ProvisionAccessConfiguration, which indicates that an access configuration is provisioned.', example='ProvisionAccessConfiguration'),
    }
  ](name='Tasks', description='The task information.'),
}

model ProvisionAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ProvisionAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Provisions an access configuration for an account in your resource directory.
 *
 * @description When you call this operation, an asynchronous task is automatically created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * This topic provides an example on how to provision the access configuration `ac-00jhtfl8thteu6uj****` for the account `114240524784****` in your resource directory.
 *
 * @param request ProvisionAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ProvisionAccessConfigurationResponse
 */
async function provisionAccessConfigurationWithOptions(request: ProvisionAccessConfigurationRequest, runtime: Util.RuntimeOptions): ProvisionAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.targetId)) {
    query['TargetId'] = request.targetId;
  }
  if (!Util.isUnset(request.targetType)) {
    query['TargetType'] = request.targetType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ProvisionAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Provisions an access configuration for an account in your resource directory.
 *
 * @description When you call this operation, an asynchronous task is automatically created. You can call the [GetTask](https://help.aliyun.com/document_detail/340670.html) operation to query the progress of the task based on the value of the `TaskId` response parameter.
 * This topic provides an example on how to provision the access configuration `ac-00jhtfl8thteu6uj****` for the account `114240524784****` in your resource directory.
 *
 * @param request ProvisionAccessConfigurationRequest
 * @return ProvisionAccessConfigurationResponse
 */
async function provisionAccessConfiguration(request: ProvisionAccessConfigurationRequest): ProvisionAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return provisionAccessConfigurationWithOptions(request, runtime);
}

model RemoveExternalSAMLIdPCertificateRequest {
  certificateId?: string(name='CertificateId', description='The ID of the certificate.

You can call the [ListExternalSAMLIdPCertificates](https://help.aliyun.com/document_detail/341629.html) operation to query the IDs of certificates.', example='idp-c-00dt9gnl7fmjaw9c****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
}

model RemoveExternalSAMLIdPCertificateResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='400979BC-92EC-58B9-B47C-6913BD56A6FD'),
}

model RemoveExternalSAMLIdPCertificateResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemoveExternalSAMLIdPCertificateResponseBody(name='body'),
}

/**
 * @summary Removes a Security Assertion Markup Language (SAML) signing certificate.
 *
 * @description This topic provides an example on how to remove the SAML signing certificate whose ID is `idp-c-00dt9gnl7fmjaw9c****`.
 *
 * @param request RemoveExternalSAMLIdPCertificateRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveExternalSAMLIdPCertificateResponse
 */
async function removeExternalSAMLIdPCertificateWithOptions(request: RemoveExternalSAMLIdPCertificateRequest, runtime: Util.RuntimeOptions): RemoveExternalSAMLIdPCertificateResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.certificateId)) {
    query['CertificateId'] = request.certificateId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RemoveExternalSAMLIdPCertificate',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes a Security Assertion Markup Language (SAML) signing certificate.
 *
 * @description This topic provides an example on how to remove the SAML signing certificate whose ID is `idp-c-00dt9gnl7fmjaw9c****`.
 *
 * @param request RemoveExternalSAMLIdPCertificateRequest
 * @return RemoveExternalSAMLIdPCertificateResponse
 */
async function removeExternalSAMLIdPCertificate(request: RemoveExternalSAMLIdPCertificateRequest): RemoveExternalSAMLIdPCertificateResponse {
  var runtime = new Util.RuntimeOptions{};
  return removeExternalSAMLIdPCertificateWithOptions(request, runtime);
}

model RemovePermissionPolicyFromAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  permissionPolicyName?: string(name='PermissionPolicyName', description='The name of the policy.', example='AliyunECSFullAccess'),
  permissionPolicyType?: string(name='PermissionPolicyType', description='The type of the policy. Valid values:

*   System: system policy
*   Inline: inline policy', example='System'),
}

model RemovePermissionPolicyFromAccessConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='9B13E4EE-3853-5852-9165-597C32AD8FB7'),
}

model RemovePermissionPolicyFromAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemovePermissionPolicyFromAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Removes a policy from an access configuration.
 *
 * @description After you remove an inline policy from an access configuration, the policy cannot be restored.
 * This topic provides an example on how to remove the system policy `AliyunECSFullAccess` from the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request RemovePermissionPolicyFromAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemovePermissionPolicyFromAccessConfigurationResponse
 */
async function removePermissionPolicyFromAccessConfigurationWithOptions(request: RemovePermissionPolicyFromAccessConfigurationRequest, runtime: Util.RuntimeOptions): RemovePermissionPolicyFromAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.permissionPolicyName)) {
    query['PermissionPolicyName'] = request.permissionPolicyName;
  }
  if (!Util.isUnset(request.permissionPolicyType)) {
    query['PermissionPolicyType'] = request.permissionPolicyType;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RemovePermissionPolicyFromAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes a policy from an access configuration.
 *
 * @description After you remove an inline policy from an access configuration, the policy cannot be restored.
 * This topic provides an example on how to remove the system policy `AliyunECSFullAccess` from the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request RemovePermissionPolicyFromAccessConfigurationRequest
 * @return RemovePermissionPolicyFromAccessConfigurationResponse
 */
async function removePermissionPolicyFromAccessConfiguration(request: RemovePermissionPolicyFromAccessConfigurationRequest): RemovePermissionPolicyFromAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return removePermissionPolicyFromAccessConfigurationWithOptions(request, runtime);
}

model RemoveUserFromGroupRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model RemoveUserFromGroupResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='F723DE01-6276-5DC4-9B1F-9CBE3E1748B2'),
}

model RemoveUserFromGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RemoveUserFromGroupResponseBody(name='body'),
}

/**
 * @summary Removes a user from a group.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot remove a user from a group that is synchronized by using SCIM.  
 * This topic provides an example on how to remove the user `u-00q8wbq42wiltcrk****` from the group `g-00jqzghi2n3o5hkh****`.
 *
 * @param request RemoveUserFromGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveUserFromGroupResponse
 */
async function removeUserFromGroupWithOptions(request: RemoveUserFromGroupRequest, runtime: Util.RuntimeOptions): RemoveUserFromGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RemoveUserFromGroup',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Removes a user from a group.
 *
 * @description If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot remove a user from a group that is synchronized by using SCIM.  
 * This topic provides an example on how to remove the user `u-00q8wbq42wiltcrk****` from the group `g-00jqzghi2n3o5hkh****`.
 *
 * @param request RemoveUserFromGroupRequest
 * @return RemoveUserFromGroupResponse
 */
async function removeUserFromGroup(request: RemoveUserFromGroupRequest): RemoveUserFromGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return removeUserFromGroupWithOptions(request, runtime);
}

model ResetUserPasswordRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  generateRandomPassword?: boolean(name='GenerateRandomPassword', description='Specifies whether to enable the system to automatically generate a new password. Valid values:

*   True: The new password is automatically generated by the system.
*   False: The new password must be manually specified. This is the default value.', example='True'),
  password?: string(name='Password', description='The new password.

The password must contain the following types of characters: uppercase letters, lowercase letters, digits, and special characters.

The password must be 8 to 32 characters in length.

>  If you set `GenerateRandomPassword` to `False`, you must specify `Password` .', example='uc)XK$?ictf72CKFDy9vtWaFmISl****'),
  requirePasswordResetForNextLogin?: boolean(name='RequirePasswordResetForNextLogin', description='Specifies whether password reset is required upon the next logon. Valid values:

*   True: Password reset is required upon the next logon.
*   False: Password reset is not required upon the next logon. This is the default value.', example='False'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model ResetUserPasswordResponseBody = {
  newPassword?: string(name='NewPassword', description='The new password.

>  This parameter is returned only when the new password is automatically generated by the system.', example='W2koInFIm0Wy2wVZ$oB)MzD$nY!G****'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='F44F02EC-70D1-5E51-8E8E-FA9AC4EF952A'),
}

model ResetUserPasswordResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ResetUserPasswordResponseBody(name='body'),
}

/**
 * @summary Resets the password of a user.
 *
 * @description If you forget your password or your password expires or is at risk, you must contact a CloudSSO administrator to reset your password.
 * >  After you enable SSO logon, your password cannot be reset.
 * This topic provides an example on how to reset the password of the user `u-00q8wbq42wiltcrk****`. The new password is automatically generated by the system.
 *
 * @param request ResetUserPasswordRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return ResetUserPasswordResponse
 */
async function resetUserPasswordWithOptions(request: ResetUserPasswordRequest, runtime: Util.RuntimeOptions): ResetUserPasswordResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.generateRandomPassword)) {
    query['GenerateRandomPassword'] = request.generateRandomPassword;
  }
  if (!Util.isUnset(request.password)) {
    query['Password'] = request.password;
  }
  if (!Util.isUnset(request.requirePasswordResetForNextLogin)) {
    query['RequirePasswordResetForNextLogin'] = request.requirePasswordResetForNextLogin;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'ResetUserPassword',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Resets the password of a user.
 *
 * @description If you forget your password or your password expires or is at risk, you must contact a CloudSSO administrator to reset your password.
 * >  After you enable SSO logon, your password cannot be reset.
 * This topic provides an example on how to reset the password of the user `u-00q8wbq42wiltcrk****`. The new password is automatically generated by the system.
 *
 * @param request ResetUserPasswordRequest
 * @return ResetUserPasswordResponse
 */
async function resetUserPassword(request: ResetUserPasswordRequest): ResetUserPasswordResponse {
  var runtime = new Util.RuntimeOptions{};
  return resetUserPasswordWithOptions(request, runtime);
}

model RetryUserProvisioningEventRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
  eventId?: string(name='EventId', description='The ID of the RAM user provisioning event.

You can call the [ListUserProvisioningEvents](https://help.aliyun.com/document_detail/2636305.html) operation to query the value of `EventId`.', example='upe-wjKyNDmZvyZOiRcJ****'),
}

model RetryUserProvisioningEventResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
}

model RetryUserProvisioningEventResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: RetryUserProvisioningEventResponseBody(name='body'),
}

/**
 * @summary Retries a Resource Access Management (RAM) user provisioning event.
 *
 * @param request RetryUserProvisioningEventRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return RetryUserProvisioningEventResponse
 */
async function retryUserProvisioningEventWithOptions(request: RetryUserProvisioningEventRequest, runtime: Util.RuntimeOptions): RetryUserProvisioningEventResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.duplicationStrategy)) {
    query['DuplicationStrategy'] = request.duplicationStrategy;
  }
  if (!Util.isUnset(request.eventId)) {
    query['EventId'] = request.eventId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'RetryUserProvisioningEvent',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Retries a Resource Access Management (RAM) user provisioning event.
 *
 * @param request RetryUserProvisioningEventRequest
 * @return RetryUserProvisioningEventResponse
 */
async function retryUserProvisioningEvent(request: RetryUserProvisioningEventRequest): RetryUserProvisioningEventResponse {
  var runtime = new Util.RuntimeOptions{};
  return retryUserProvisioningEventWithOptions(request, runtime);
}

model SetExternalSAMLIdentityProviderRequest {
  bindingType?: string(name='BindingType', description='The Binding method for initiating a SAML request. Values:

- Post: Initiate the SAML request using the Post method. 
- Redirect: Initiate the SAML request using the Redirect method.', example='Redirect'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  encodedMetadataDocument?: string(name='EncodedMetadataDocument', description='The metadata file of the IdP. The value of this parameter is Base64-encoded.

The file is provided by the IdP that supports SAML 2.0.', example='PD94bWwgdmVyc2lvbj0iMS4****'),
  entityId?: string(name='EntityId', description='The entity ID of the IdP.', example='http://www.okta.com/exk3qwgtjhetR2Od****'),
  loginUrl?: string(name='LoginUrl', description='The logon URL of the IdP.'),
  SSOStatus?: string(name='SSOStatus', description='The status of SSO logon. Valid values:

*   Enabled
*   Disabled (default)', example='Disabled'),
  wantRequestSigned?: boolean(name='WantRequestSigned', description='Specifies whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:

*   true: yes
*   false: no (default)', example='false'),
  x509Certificate?: string(name='X509Certificate', description='The X.509 certificate in the PEM format. If you specify this parameter, all existing certificates are replaced.', example='MIIC8DCCAdigAwIBAgIQP9eomUYGeoND****'),
}

model SetExternalSAMLIdentityProviderResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='63160579-2E1B-57B0-8273-B27427172385'),
  SAMLIdentityProviderConfiguration?: {
    bindingType?: string(name='BindingType', description='The Binding method for initiating a SAML request. Values:

- Post: Initiate the SAML request using the Post method. 
- Redirect: Initiate the SAML request using the Redirect method.', example='Redirect'),
    certificateIds?: [ string ](name='CertificateIds', description='The ID of the SAML signing certificate.'),
    createTime?: string(name='CreateTime', description='The time when the IdP was configured for the first time.', example='2021-11-10T02:57:16Z'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    encodedMetadataDocument?: string(name='EncodedMetadataDocument', description='The metadata file of the IdP. The value of this parameter is Base64-encoded.', example='PD94bWwgdmVyc2lvbj0iMS4****'),
    entityId?: string(name='EntityId', description='The entity ID of the IdP.', example='http://www.okta.com/exk3qwgtjhetR2Od****'),
    loginUrl?: string(name='LoginUrl', description='The logon URL of the IdP.'),
    SSOStatus?: string(name='SSOStatus', description='The status of SSO logon. Valid values:

*   Enabled
*   Disabled', example='Disabled'),
    updateTime?: string(name='UpdateTime', description='The time when the IdP configurations were last modified.', example='2021-11-10T02:57:16Z'),
    wantRequestSigned?: boolean(name='WantRequestSigned', description='Indicates whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:

*   true: yes
*   false: no (default)', example='false'),
  }(name='SAMLIdentityProviderConfiguration', description='The configurations of the IdP.'),
}

model SetExternalSAMLIdentityProviderResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetExternalSAMLIdentityProviderResponseBody(name='body'),
}

/**
 * @summary Configures a Security Assertion Markup Language (SAML) identity provider (IdP).
 *
 * @description During SAML 2.0-based single sign-on (SSO) logon, CloudSSO is an SP, and the identity management system of an enterprise is an IdP.
 * You can use one of the following methods to configure a SAML IdP. You can obtain the required metadata file or parameter values from your IdP.
 * *   Use the metadata file. You can specify the `EncodedMetadataDocument` parameter to upload the metadata file.
 * *   Manually configure the IdP. You can manually specify the following parameters for your IdP: `EntityId`, `LoginUrl`, `WantRequestSigned`, and `X509Certificate`.
 * If you have configured a SAML IdP, the existing configurations are replaced after you call this operation.
 * *   If the IdP is configured by using the metadata file, all existing configurations are replaced with new configurations.
 * *   If the IdP is manually configured, the original parameter values that are different from the new parameter values are replaced.
 * >  If SSO logon is enabled, new configurations immediately take effect. Take note of the impacts on the production environment.
 * This topic provides an example on how to configure an IdP by using the metadata file within the directory `d-00fc2p61****`.
 *
 * @param request SetExternalSAMLIdentityProviderRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetExternalSAMLIdentityProviderResponse
 */
async function setExternalSAMLIdentityProviderWithOptions(request: SetExternalSAMLIdentityProviderRequest, runtime: Util.RuntimeOptions): SetExternalSAMLIdentityProviderResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.bindingType)) {
    query['BindingType'] = request.bindingType;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.encodedMetadataDocument)) {
    query['EncodedMetadataDocument'] = request.encodedMetadataDocument;
  }
  if (!Util.isUnset(request.entityId)) {
    query['EntityId'] = request.entityId;
  }
  if (!Util.isUnset(request.loginUrl)) {
    query['LoginUrl'] = request.loginUrl;
  }
  if (!Util.isUnset(request.SSOStatus)) {
    query['SSOStatus'] = request.SSOStatus;
  }
  if (!Util.isUnset(request.wantRequestSigned)) {
    query['WantRequestSigned'] = request.wantRequestSigned;
  }
  if (!Util.isUnset(request.x509Certificate)) {
    query['X509Certificate'] = request.x509Certificate;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetExternalSAMLIdentityProvider',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Configures a Security Assertion Markup Language (SAML) identity provider (IdP).
 *
 * @description During SAML 2.0-based single sign-on (SSO) logon, CloudSSO is an SP, and the identity management system of an enterprise is an IdP.
 * You can use one of the following methods to configure a SAML IdP. You can obtain the required metadata file or parameter values from your IdP.
 * *   Use the metadata file. You can specify the `EncodedMetadataDocument` parameter to upload the metadata file.
 * *   Manually configure the IdP. You can manually specify the following parameters for your IdP: `EntityId`, `LoginUrl`, `WantRequestSigned`, and `X509Certificate`.
 * If you have configured a SAML IdP, the existing configurations are replaced after you call this operation.
 * *   If the IdP is configured by using the metadata file, all existing configurations are replaced with new configurations.
 * *   If the IdP is manually configured, the original parameter values that are different from the new parameter values are replaced.
 * >  If SSO logon is enabled, new configurations immediately take effect. Take note of the impacts on the production environment.
 * This topic provides an example on how to configure an IdP by using the metadata file within the directory `d-00fc2p61****`.
 *
 * @param request SetExternalSAMLIdentityProviderRequest
 * @return SetExternalSAMLIdentityProviderResponse
 */
async function setExternalSAMLIdentityProvider(request: SetExternalSAMLIdentityProviderRequest): SetExternalSAMLIdentityProviderResponse {
  var runtime = new Util.RuntimeOptions{};
  return setExternalSAMLIdentityProviderWithOptions(request, runtime);
}

model SetLoginPreferenceRequest {
  allowUserToGetCredentials?: boolean(name='AllowUserToGetCredentials'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  loginNetworkMasks?: string(name='LoginNetworkMasks', description='The IP address whitelist. CloudSSO users can log on to the CloudSSO user portal only by using the IP addresses in the whitelist. Limits:

*   You can enter IP addresses or CIDR blocks. IPv4 addresses are supported.
*   You can enter up to 100 IP addresses or CIDR blocks. Separate multiple IP addresses or CIDR blocks with semicolons `(;)`.
*   If you do not specify this parameter, the original settings are retained.
*   If you set this parameter to a semicolon (`;`), the value of this parameter is cleared.
*   The IP address whitelist takes effect only on CloudSSO users who want to log on to the CloudSSO user portal by using the username-password logon or single sign-on (SSO) method. The IP address whitelist does not take effect on CloudSSO users who access accounts in a resource directory from the CloudSSO user portal.', example='192.168.0.0/16;10.0.0.0/8'),
}

model SetLoginPreferenceResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='9B13E4EE-3853-5852-9165-597C32AD8FB7'),
}

model SetLoginPreferenceResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetLoginPreferenceResponseBody(name='body'),
}

/**
 * @summary Configures the logon preference of CloudSSO users.
 *
 * @param request SetLoginPreferenceRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetLoginPreferenceResponse
 */
async function setLoginPreferenceWithOptions(request: SetLoginPreferenceRequest, runtime: Util.RuntimeOptions): SetLoginPreferenceResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.allowUserToGetCredentials)) {
    query['AllowUserToGetCredentials'] = request.allowUserToGetCredentials;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.loginNetworkMasks)) {
    query['LoginNetworkMasks'] = request.loginNetworkMasks;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetLoginPreference',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Configures the logon preference of CloudSSO users.
 *
 * @param request SetLoginPreferenceRequest
 * @return SetLoginPreferenceResponse
 */
async function setLoginPreference(request: SetLoginPreferenceRequest): SetLoginPreferenceResponse {
  var runtime = new Util.RuntimeOptions{};
  return setLoginPreferenceWithOptions(request, runtime);
}

model SetMFAAuthenticationStatusRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  MFAAuthenticationStatus?: string(name='MFAAuthenticationStatus', description='The status of MFA. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
}

model SetMFAAuthenticationStatusResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='14E2B1A9-7713-5E6F-8409-8DE12DF51AF4'),
}

model SetMFAAuthenticationStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetMFAAuthenticationStatusResponseBody(name='body'),
}

/**
 * @summary Enables or disables multi-factor authentication (MFA) for users in a directory.
 *
 * @description If a CloudSSO administrator enables username-password logon for users, CloudSSO automatically enables MFA to improve security. The administrator can call this operation to enable or disable MFA based on the business requirements.
 * This topic provides an example on how to enable MFA for users.
 *
 * @param request SetMFAAuthenticationStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetMFAAuthenticationStatusResponse
 */
async function setMFAAuthenticationStatusWithOptions(request: SetMFAAuthenticationStatusRequest, runtime: Util.RuntimeOptions): SetMFAAuthenticationStatusResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.MFAAuthenticationStatus)) {
    query['MFAAuthenticationStatus'] = request.MFAAuthenticationStatus;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetMFAAuthenticationStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Enables or disables multi-factor authentication (MFA) for users in a directory.
 *
 * @description If a CloudSSO administrator enables username-password logon for users, CloudSSO automatically enables MFA to improve security. The administrator can call this operation to enable or disable MFA based on the business requirements.
 * This topic provides an example on how to enable MFA for users.
 *
 * @param request SetMFAAuthenticationStatusRequest
 * @return SetMFAAuthenticationStatusResponse
 */
async function setMFAAuthenticationStatus(request: SetMFAAuthenticationStatusRequest): SetMFAAuthenticationStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return setMFAAuthenticationStatusWithOptions(request, runtime);
}

model SetPasswordPolicyRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  maxLoginAttempts?: int32(name='MaxLoginAttempts', description='The number of password retries.

If you enter wrong passwords for the specified consecutive times, the account is locked for 1 hour.

Valid values: 0 to 32. The value 0 specifies that the number of password retries is not limited.', example='5'),
  maxPasswordAge?: int32(name='MaxPasswordAge', description='The validity period of a password.

Valid values: 1 to 120. Unit: days.', example='90'),
  minPasswordDifferentChars?: int32(name='MinPasswordDifferentChars', description='The minimum number of unique characters in a password.

The minimum value is 0, which specifies that the minimum number of unique characters in a password is not limited. The maximum value is the value of the `MinPasswordLength` parameter.', example='8'),
  minPasswordLength?: int32(name='MinPasswordLength', description='The minimum password length.

Valid values: 8 to 32 characters.', example='8'),
  passwordNotContainUsername?: boolean(name='PasswordNotContainUsername', description='Specifies whether a password can contain the username. Valid value:

*   true: A password cannot contain the username.
*   false: A password can contain the username.', example='true'),
  passwordReusePrevention?: int32(name='PasswordReusePrevention', description='The policy for password history check.

The previous N passwords cannot be reused. Valid values of N: 0 to 24. The value 0 specifies that all historical passwords can be reused.

>  Passwords that are generated before January 5, 2024 are not counted as historical passwords.', example='1'),
}

model SetPasswordPolicyResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='768F908D-A66A-5A5D-816C-20C93CBBFEE3'),
}

model SetPasswordPolicyResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetPasswordPolicyResponseBody(name='body'),
}

/**
 * @summary Configures a password policy for CloudSSO users.
 *
 * @param request SetPasswordPolicyRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetPasswordPolicyResponse
 */
async function setPasswordPolicyWithOptions(request: SetPasswordPolicyRequest, runtime: Util.RuntimeOptions): SetPasswordPolicyResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.maxLoginAttempts)) {
    query['MaxLoginAttempts'] = request.maxLoginAttempts;
  }
  if (!Util.isUnset(request.maxPasswordAge)) {
    query['MaxPasswordAge'] = request.maxPasswordAge;
  }
  if (!Util.isUnset(request.minPasswordDifferentChars)) {
    query['MinPasswordDifferentChars'] = request.minPasswordDifferentChars;
  }
  if (!Util.isUnset(request.minPasswordLength)) {
    query['MinPasswordLength'] = request.minPasswordLength;
  }
  if (!Util.isUnset(request.passwordNotContainUsername)) {
    query['PasswordNotContainUsername'] = request.passwordNotContainUsername;
  }
  if (!Util.isUnset(request.passwordReusePrevention)) {
    query['PasswordReusePrevention'] = request.passwordReusePrevention;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetPasswordPolicy',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Configures a password policy for CloudSSO users.
 *
 * @param request SetPasswordPolicyRequest
 * @return SetPasswordPolicyResponse
 */
async function setPasswordPolicy(request: SetPasswordPolicyRequest): SetPasswordPolicyResponse {
  var runtime = new Util.RuntimeOptions{};
  return setPasswordPolicyWithOptions(request, runtime);
}

model SetSCIMSynchronizationStatusRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  SCIMSynchronizationStatus?: string(name='SCIMSynchronizationStatus', description='The status of SCIM synchronization. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
}

model SetSCIMSynchronizationStatusResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='3BF1FC78-5D20-54CC-BAEB-8CC33AE21D01'),
}

model SetSCIMSynchronizationStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: SetSCIMSynchronizationStatusResponseBody(name='body'),
}

/**
 * @summary Enables or disables Cross-domain Identity Management (SCIM) synchronization.
 *
 * @description You can synchronize users or groups from an external identity provider (IdP) that supports SCIM 2.0 to CloudSSO only after SCIM synchronization is enabled. If you disable SCIM synchronization, you can no longer synchronize users or groups to CloudSSO. The following list describes the impacts after SCIM synchronization is enabled or disabled:
 * *   After you enable SCIM synchronization, you cannot modify or delete the users or groups that are synchronized to CloudSSO by using SCIM. In addition, you cannot add users to or remove users from the groups. However, you can change the passwords of the users and enable or disable the logon of the users.
 * *   After you disable SCIM synchronization, you can modify and delete the users and groups that are synchronized to CloudSSO by using SCIM. You can also add users to or remove users from the groups.
 * This topic provides an example on how to enable SCIM synchronization within the directory `d-00fc2p61****`.
 *
 * @param request SetSCIMSynchronizationStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetSCIMSynchronizationStatusResponse
 */
async function setSCIMSynchronizationStatusWithOptions(request: SetSCIMSynchronizationStatusRequest, runtime: Util.RuntimeOptions): SetSCIMSynchronizationStatusResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.SCIMSynchronizationStatus)) {
    query['SCIMSynchronizationStatus'] = request.SCIMSynchronizationStatus;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'SetSCIMSynchronizationStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Enables or disables Cross-domain Identity Management (SCIM) synchronization.
 *
 * @description You can synchronize users or groups from an external identity provider (IdP) that supports SCIM 2.0 to CloudSSO only after SCIM synchronization is enabled. If you disable SCIM synchronization, you can no longer synchronize users or groups to CloudSSO. The following list describes the impacts after SCIM synchronization is enabled or disabled:
 * *   After you enable SCIM synchronization, you cannot modify or delete the users or groups that are synchronized to CloudSSO by using SCIM. In addition, you cannot add users to or remove users from the groups. However, you can change the passwords of the users and enable or disable the logon of the users.
 * *   After you disable SCIM synchronization, you can modify and delete the users and groups that are synchronized to CloudSSO by using SCIM. You can also add users to or remove users from the groups.
 * This topic provides an example on how to enable SCIM synchronization within the directory `d-00fc2p61****`.
 *
 * @param request SetSCIMSynchronizationStatusRequest
 * @return SetSCIMSynchronizationStatusResponse
 */
async function setSCIMSynchronizationStatus(request: SetSCIMSynchronizationStatusRequest): SetSCIMSynchronizationStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return setSCIMSynchronizationStatusWithOptions(request, runtime);
}

model UpdateAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  newDescription?: string(name='NewDescription', description='The new description of the access configuration.

The description can be up to 1,024 characters in length.', example='This is an access configuration.'),
  newRelayState?: string(name='NewRelayState', description='The new initial web page that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.

The web page must be a page of the Alibaba Cloud Management Console.', example='https://cloudsso.console.aliyun.com'),
  newSessionDuration?: int32(name='NewSessionDuration', description='The new duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration.

Unit: seconds.

Valid values: 900 to 43200. The value 900 indicates 15 minutes. The value 43200 indicates 12 hours.', example='3600'),
}

model UpdateAccessConfigurationResponseBody = {
  accessConfiguration?: {
    accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
    accessConfigurationName?: string(name='AccessConfigurationName', description='The name of the access configuration.', example='ECS-Admin'),
    createTime?: string(name='CreateTime', description='The time when the access configuration was created.', example='2021-11-02T08:44:23Z'),
    description?: string(name='Description', description='The description of the access configuration.', example='This is an access configuration.'),
    relayState?: string(name='RelayState', description='The initial web page that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.', example='https://cloudsso.console.aliyun.com'),
    sessionDuration?: int32(name='SessionDuration', description='The duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration.

Unit: seconds.', example='3600'),
    statusNotifications?: [ string ](name='StatusNotifications', description='The status notification.'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the access configuration was modified.', example='2021-11-02T10:10:01Z'),
  }(name='AccessConfiguration', description='The information about the access configuration.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='9B13E4EE-3853-5852-9165-597C32AD8FB7'),
}

model UpdateAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Modifies information about an access configuration.
 *
 * @description You can modify the `Description`, `SessionDuration`, and `RelayState` parameters for an access configuration.
 * This topic provides an example on how to change the initial web page in the access configuration `ac-00jhtfl8thteu6uj****` to `https://cloudsso.console.aliyun.com`.
 *
 * @param request UpdateAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateAccessConfigurationResponse
 */
async function updateAccessConfigurationWithOptions(request: UpdateAccessConfigurationRequest, runtime: Util.RuntimeOptions): UpdateAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.newDescription)) {
    query['NewDescription'] = request.newDescription;
  }
  if (!Util.isUnset(request.newRelayState)) {
    query['NewRelayState'] = request.newRelayState;
  }
  if (!Util.isUnset(request.newSessionDuration)) {
    query['NewSessionDuration'] = request.newSessionDuration;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies information about an access configuration.
 *
 * @description You can modify the `Description`, `SessionDuration`, and `RelayState` parameters for an access configuration.
 * This topic provides an example on how to change the initial web page in the access configuration `ac-00jhtfl8thteu6uj****` to `https://cloudsso.console.aliyun.com`.
 *
 * @param request UpdateAccessConfigurationRequest
 * @return UpdateAccessConfigurationResponse
 */
async function updateAccessConfiguration(request: UpdateAccessConfigurationRequest): UpdateAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateAccessConfigurationWithOptions(request, runtime);
}

model UpdateDirectoryRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  newDirectoryName?: string(name='NewDirectoryName', description='The new name of the directory. The name must be globally unique.

The name can contain lowercase letters, digits, and hyphens (-). The name cannot start or end with a hyphen (-) and cannot have two consecutive hyphens (-). If you want to start the new name of the directory starts with `d-`, you must set this parameter to the ID of the directory.

The name must be 2 to 64 characters in length.', example='new-example'),
}

model UpdateDirectoryResponseBody = {
  directory?: {
    createTime?: string(name='CreateTime', description='The time when the directory was created.', example='2021-06-30T08:35:26Z'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    directoryName?: string(name='DirectoryName', description='The name of the directory.', example='new-example'),
    region?: string(name='Region', description='The region ID of the directory.', example='cn-shanghai'),
    updateTime?: string(name='UpdateTime', description='The time when the directory was modified.', example='2021-10-25T09:13:24Z'),
  }(name='Directory', description='The information about the directory.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='B182C041-8C64-5F2F-A07B-FC67FAF89CF9'),
}

model UpdateDirectoryResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateDirectoryResponseBody(name='body'),
}

/**
 * @summary Changes the name of a directory.
 *
 * @description After you change the name of a directory, the URL that is used to log on to the Cloud SSO user portal is changed. You must notify the Cloud SSO users of the correct URL. 
 * This topic provides an example on how to change the name of a directory to `new-example`.
 *
 * @param request UpdateDirectoryRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateDirectoryResponse
 */
async function updateDirectoryWithOptions(request: UpdateDirectoryRequest, runtime: Util.RuntimeOptions): UpdateDirectoryResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.newDirectoryName)) {
    query['NewDirectoryName'] = request.newDirectoryName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateDirectory',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Changes the name of a directory.
 *
 * @description After you change the name of a directory, the URL that is used to log on to the Cloud SSO user portal is changed. You must notify the Cloud SSO users of the correct URL. 
 * This topic provides an example on how to change the name of a directory to `new-example`.
 *
 * @param request UpdateDirectoryRequest
 * @return UpdateDirectoryResponse
 */
async function updateDirectory(request: UpdateDirectoryRequest): UpdateDirectoryResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateDirectoryWithOptions(request, runtime);
}

model UpdateGroupRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
  newDescription?: string(name='NewDescription', description='The new description of the group.', example='This is a group.'),
  newGroupName?: string(name='NewGroupName', description='The new name of the group.', example='NewTestGroup'),
}

model UpdateGroupResponseBody = {
  group?: {
    createTime?: string(name='CreateTime', description='The time when the group was created.', example='2021-11-01T02:38:27Z'),
    description?: string(name='Description', description='The description of the group.', example='This is a group.'),
    groupId?: string(name='GroupId', description='The ID of the group.', example='g-00jqzghi2n3o5hkh****'),
    groupName?: string(name='GroupName', description='The name of the group.', example='NewTestGroup'),
    provisionType?: string(name='ProvisionType', description='The type of the group. Valid values:

*   Manual: The group is manually created.
*   Synchronized: The user is synchronized from an external identity provider (IdP).', example='Manual'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the group was modified.', example='2021-11-01T06:06:11Z'),
  }(name='Group', description='The information about the group.'),
  requestId?: string(name='RequestId', description='The ID of the request.', example='F723DE01-6276-5DC4-9B1F-9CBE3E1748B2'),
}

model UpdateGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateGroupResponseBody(name='body'),
}

/**
 * @summary Modifies information about a group.
 *
 * @description You can modify `GroupName` and `Description` for a group.
 * >  If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot modify the information about a group that is synchronized by using SCIM.
 * This topic provides an example on how to change the name of the group `g-00jqzghi2n3o5hkh****` to `NewTestGroup`.
 *
 * @param request UpdateGroupRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateGroupResponse
 */
async function updateGroupWithOptions(request: UpdateGroupRequest, runtime: Util.RuntimeOptions): UpdateGroupResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.groupId)) {
    query['GroupId'] = request.groupId;
  }
  if (!Util.isUnset(request.newDescription)) {
    query['NewDescription'] = request.newDescription;
  }
  if (!Util.isUnset(request.newGroupName)) {
    query['NewGroupName'] = request.newGroupName;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateGroup',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies information about a group.
 *
 * @description You can modify `GroupName` and `Description` for a group.
 * >  If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot modify the information about a group that is synchronized by using SCIM.
 * This topic provides an example on how to change the name of the group `g-00jqzghi2n3o5hkh****` to `NewTestGroup`.
 *
 * @param request UpdateGroupRequest
 * @return UpdateGroupResponse
 */
async function updateGroup(request: UpdateGroupRequest): UpdateGroupResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateGroupWithOptions(request, runtime);
}

model UpdateInlinePolicyForAccessConfigurationRequest {
  accessConfigurationId?: string(name='AccessConfigurationId', description='The ID of the access configuration.', example='ac-00jhtfl8thteu6uj****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  inlinePolicyName?: string(name='InlinePolicyName', description='The name of the inline policy.', example='InlinePolicy'),
  newInlinePolicyDocument?: string(name='NewInlinePolicyDocument', description='The new configurations of the inline policy.

The value can be up to 4,096 characters in length.

For more information about the syntax and structure of RAM policies, see [Policy syntax and structure](https://help.aliyun.com/document_detail/93739.html).', example='{"Statement": [{"Action": "*","Effect": "Allow","Resource": "*"}],"Version": "1"}'),
}

model UpdateInlinePolicyForAccessConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='9B13E4EE-3853-5852-9165-597C32AD8FB7'),
}

model UpdateInlinePolicyForAccessConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateInlinePolicyForAccessConfigurationResponseBody(name='body'),
}

/**
 * @summary Modifies an inline policy that is created for an access configuration.
 *
 * @description This topic provides an example on how to modify an inline policy that is created for the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request UpdateInlinePolicyForAccessConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateInlinePolicyForAccessConfigurationResponse
 */
async function updateInlinePolicyForAccessConfigurationWithOptions(request: UpdateInlinePolicyForAccessConfigurationRequest, runtime: Util.RuntimeOptions): UpdateInlinePolicyForAccessConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.accessConfigurationId)) {
    query['AccessConfigurationId'] = request.accessConfigurationId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.inlinePolicyName)) {
    query['InlinePolicyName'] = request.inlinePolicyName;
  }
  if (!Util.isUnset(request.newInlinePolicyDocument)) {
    query['NewInlinePolicyDocument'] = request.newInlinePolicyDocument;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateInlinePolicyForAccessConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies an inline policy that is created for an access configuration.
 *
 * @description This topic provides an example on how to modify an inline policy that is created for the access configuration `ac-00jhtfl8thteu6uj****`.
 *
 * @param request UpdateInlinePolicyForAccessConfigurationRequest
 * @return UpdateInlinePolicyForAccessConfigurationResponse
 */
async function updateInlinePolicyForAccessConfiguration(request: UpdateInlinePolicyForAccessConfigurationRequest): UpdateInlinePolicyForAccessConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateInlinePolicyForAccessConfigurationWithOptions(request, runtime);
}

model UpdateMFAAuthenticationSettingsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  MFAAuthenticationSettings?: string(name='MFAAuthenticationSettings', description='Specifies whether to enable MFA for all users. Valid value:

- Enabled: enables MFA for all users.
- Byuser: uses user-specific settings. For more information about how to configure MFA for a single user, see [UpdateUserMFAAuthenticationSettings](https://help.aliyun.com/document_detail/450135.html).
- Disabled: disables MFA for all users.
- OnlyRiskyLogin: MFA is required only for unusual logons.', example='Enabled'),
  operationForRiskLogin?: string(name='OperationForRiskLogin', description='Specifies whether MFA is required for users who initiated unusual logons. Valid value:

- Autonomous: MFA is prompted for users who initiated unusual logons. However, the users are allowed to skip MFA. If an MFA device is bound to a user who initiated an unusual logon, the user must pass MFA.

- EnforceVerify: MFA is required. If no MFA devices are bound to a user who initiated an unusual logon, the user must bind an MFA device. If an MFA device is already bound to a user who initiated an unusual logon, the user must pass MFA.', example='Autonomous'),
}

model UpdateMFAAuthenticationSettingsResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='A1C748E3-8944-5593-81BC-7D96AE24F77B'),
}

model UpdateMFAAuthenticationSettingsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateMFAAuthenticationSettingsResponseBody(name='body'),
}

/**
 * @summary Modifies the multi-factor authentication (MFA) setting of all users.
 *
 * @description If you enable username-password logon for CloudSSO users, you can also configure MFA for the users.
 * This topic provides an example on how to enable MFA for all CloudSSO users that belong to the directory named `d-00fc2p61****`.
 *
 * @param request UpdateMFAAuthenticationSettingsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateMFAAuthenticationSettingsResponse
 */
async function updateMFAAuthenticationSettingsWithOptions(request: UpdateMFAAuthenticationSettingsRequest, runtime: Util.RuntimeOptions): UpdateMFAAuthenticationSettingsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.MFAAuthenticationSettings)) {
    query['MFAAuthenticationSettings'] = request.MFAAuthenticationSettings;
  }
  if (!Util.isUnset(request.operationForRiskLogin)) {
    query['OperationForRiskLogin'] = request.operationForRiskLogin;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateMFAAuthenticationSettings',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies the multi-factor authentication (MFA) setting of all users.
 *
 * @description If you enable username-password logon for CloudSSO users, you can also configure MFA for the users.
 * This topic provides an example on how to enable MFA for all CloudSSO users that belong to the directory named `d-00fc2p61****`.
 *
 * @param request UpdateMFAAuthenticationSettingsRequest
 * @return UpdateMFAAuthenticationSettingsResponse
 */
async function updateMFAAuthenticationSettings(request: UpdateMFAAuthenticationSettingsRequest): UpdateMFAAuthenticationSettingsResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateMFAAuthenticationSettingsWithOptions(request, runtime);
}

model UpdateSCIMServerCredentialStatusRequest {
  credentialId?: string(name='CredentialId', description='The ID of the SCIM credential.', example='scimcred-004whl0kvfwcypbi****'),
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  newStatus?: string(name='NewStatus', description='The new status of the SCIM credential. Valid values:

*   Enabled: The SCIM credential is enabled.
*   Disabled: The SCIM credential is disabled.', example='Disabled'),
}

model UpdateSCIMServerCredentialStatusResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='7C086C2F-1C66-57B3-B14E-2C1DA70727CD'),
  SCIMServerCredential?: {
    createTime?: string(name='CreateTime', description='The time when the SCIM credential was created.', example='2021-11-09T08:12:52Z'),
    credentialId?: string(name='CredentialId', description='The ID of the SCIM credential.', example='scimcred-004whl0kvfwcypbi****'),
    credentialType?: string(name='CredentialType', description='The type of the SCIM credential.', example='BearerToken'),
    directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
    expireTime?: string(name='ExpireTime', description='The time when the SCIM credential expires.', example='2022-11-09T08:12:52Z'),
    status?: string(name='Status', description='The status of the SCIM credential. Valid values:

*   Enabled: The SCIM credential is enabled.
*   Disabled: The SCIM credential is disabled.', example='Disabled'),
  }(name='SCIMServerCredential', description='The information about the SCIM credential.'),
}

model UpdateSCIMServerCredentialStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateSCIMServerCredentialStatusResponseBody(name='body'),
}

/**
 * @summary Enables or disables a Cross-domain Identity Management (SCIM) credential.
 *
 * @description This topic provides an example on how to disable the SCIM credential whose ID is `scimcred-004whl0kvfwcypbi****`. After the SCIM credential is disabled, the synchronization task that uses the SCIM credential fails. You can call this operation again to enable the SCIM credential.
 *
 * @param request UpdateSCIMServerCredentialStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateSCIMServerCredentialStatusResponse
 */
async function updateSCIMServerCredentialStatusWithOptions(request: UpdateSCIMServerCredentialStatusRequest, runtime: Util.RuntimeOptions): UpdateSCIMServerCredentialStatusResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.credentialId)) {
    query['CredentialId'] = request.credentialId;
  }
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.newStatus)) {
    query['NewStatus'] = request.newStatus;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateSCIMServerCredentialStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Enables or disables a Cross-domain Identity Management (SCIM) credential.
 *
 * @description This topic provides an example on how to disable the SCIM credential whose ID is `scimcred-004whl0kvfwcypbi****`. After the SCIM credential is disabled, the synchronization task that uses the SCIM credential fails. You can call this operation again to enable the SCIM credential.
 *
 * @param request UpdateSCIMServerCredentialStatusRequest
 * @return UpdateSCIMServerCredentialStatusResponse
 */
async function updateSCIMServerCredentialStatus(request: UpdateSCIMServerCredentialStatusRequest): UpdateSCIMServerCredentialStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateSCIMServerCredentialStatusWithOptions(request, runtime);
}

model UpdateUserRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  newDescription?: string(name='NewDescription', description='The new description of the user.', example='This is a user.'),
  newDisplayName?: string(name='NewDisplayName', description='The new display name of the user.', example='AliceLee'),
  newEmail?: string(name='NewEmail', description='The new email address of the user.', example='AliceLee@example.com'),
  newFirstName?: string(name='NewFirstName', description='The new first name of the user.', example='Alice'),
  newLastName?: string(name='NewLastName', description='The new last name of the user.', example='Lee'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model UpdateUserResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='F44F02EC-70D1-5E51-8E8E-FA9AC4EF952A'),
  user?: {
    createTime?: string(name='CreateTime', description='The time when the user was created.', example='2021-10-26T03:03:42Z'),
    description?: string(name='Description', description='The description of the user.', example='This is a user.'),
    displayName?: string(name='DisplayName', description='The display name of the user.', example='Alice'),
    email?: string(name='Email', description='The email address of the user.', example='AliceLee@example.com'),
    firstName?: string(name='FirstName', description='The first name of the user.', example='Alice'),
    lastName?: string(name='LastName', description='The last name of the user.', example='Lee'),
    provisionType?: string(name='ProvisionType', description='The type of the user. Valid values:

*   Manual: The user is manually created.
*   Synchronized: The user is synchronized from an external identity provider (IdP).', example='Manual'),
    status?: string(name='Status', description='The status of the user. Valid values:

*   Enabled: The logon of the user is enabled.
*   Disabled: The logon of the user is disabled.', example='Enabled'),
    updateTime?: string(name='UpdateTime', description='The time when the information about the user was modified.', example='2021-10-26T07:32:32Z'),
    userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
    userName?: string(name='UserName', description='The name of the user.', example='Alice'),
  }(name='User', description='The information about the user.'),
}

model UpdateUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserResponseBody(name='body'),
}

/**
 * @summary Modifies information about a user.
 *
 * @description You can modify `FirstName`, `LastName`, `DisplayName`, `Email`, and `Description` for a user. You cannot modify `UserName` for a user.
 * >  If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot modify the information about a user that is synchronized by using SCIM.
 * This topic provides an example on how to change the email address of the user whose ID is `u-00q8wbq42wiltcrk****` to `AliceLee@example.com`.
 *
 * @param request UpdateUserRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserResponse
 */
async function updateUserWithOptions(request: UpdateUserRequest, runtime: Util.RuntimeOptions): UpdateUserResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.newDescription)) {
    query['NewDescription'] = request.newDescription;
  }
  if (!Util.isUnset(request.newDisplayName)) {
    query['NewDisplayName'] = request.newDisplayName;
  }
  if (!Util.isUnset(request.newEmail)) {
    query['NewEmail'] = request.newEmail;
  }
  if (!Util.isUnset(request.newFirstName)) {
    query['NewFirstName'] = request.newFirstName;
  }
  if (!Util.isUnset(request.newLastName)) {
    query['NewLastName'] = request.newLastName;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateUser',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies information about a user.
 *
 * @description You can modify `FirstName`, `LastName`, `DisplayName`, `Email`, and `Description` for a user. You cannot modify `UserName` for a user.
 * >  If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot modify the information about a user that is synchronized by using SCIM.
 * This topic provides an example on how to change the email address of the user whose ID is `u-00q8wbq42wiltcrk****` to `AliceLee@example.com`.
 *
 * @param request UpdateUserRequest
 * @return UpdateUserResponse
 */
async function updateUser(request: UpdateUserRequest): UpdateUserResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateUserWithOptions(request, runtime);
}

model UpdateUserMFAAuthenticationSettingsRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
  userMFAAuthenticationSettings?: string(name='UserMFAAuthenticationSettings', description='Specifies whether to enable MFA for the user. Valid values:

*   Enabled: enables MFA for the user.
*   Disabled: disables MFA for the user.', example='Enabled'),
}

model UpdateUserMFAAuthenticationSettingsResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='5E6C6049-E9B0-5F6F-A104-6150E3B1F4D7'),
}

model UpdateUserMFAAuthenticationSettingsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserMFAAuthenticationSettingsResponseBody(name='body'),
}

/**
 * @summary Modifies the multi-factor authentication (MFA) setting of a single user.
 *
 * @description If you call the [UpdateMFAAuthenticationSettings](https://help.aliyun.com/document_detail/450134.html) operation to set the MFAAuthenticationSettings parameter to `Byuser`, user-specific settings are applied. Then, you must call the UpdateUserMFAAuthenticationSettings operation to configure MFA for each user.
 * By default, the MFAAuthenticationSettings parameter is set to `Enabled` for a new user.
 * This topic provides an example on how to enable MFA for the user named `u-00q8wbq42wiltcrk****`.
 *
 * @param request UpdateUserMFAAuthenticationSettingsRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserMFAAuthenticationSettingsResponse
 */
async function updateUserMFAAuthenticationSettingsWithOptions(request: UpdateUserMFAAuthenticationSettingsRequest, runtime: Util.RuntimeOptions): UpdateUserMFAAuthenticationSettingsResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  if (!Util.isUnset(request.userMFAAuthenticationSettings)) {
    query['UserMFAAuthenticationSettings'] = request.userMFAAuthenticationSettings;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateUserMFAAuthenticationSettings',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies the multi-factor authentication (MFA) setting of a single user.
 *
 * @description If you call the [UpdateMFAAuthenticationSettings](https://help.aliyun.com/document_detail/450134.html) operation to set the MFAAuthenticationSettings parameter to `Byuser`, user-specific settings are applied. Then, you must call the UpdateUserMFAAuthenticationSettings operation to configure MFA for each user.
 * By default, the MFAAuthenticationSettings parameter is set to `Enabled` for a new user.
 * This topic provides an example on how to enable MFA for the user named `u-00q8wbq42wiltcrk****`.
 *
 * @param request UpdateUserMFAAuthenticationSettingsRequest
 * @return UpdateUserMFAAuthenticationSettingsResponse
 */
async function updateUserMFAAuthenticationSettings(request: UpdateUserMFAAuthenticationSettingsRequest): UpdateUserMFAAuthenticationSettingsResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateUserMFAAuthenticationSettingsWithOptions(request, runtime);
}

model UpdateUserProvisioningRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  newDeletionStrategy?: string(name='NewDeletionStrategy', description='The new deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Delete'),
  newDescription?: string(name='NewDescription', description='The new description of the RAM user provisioning.', example='description*****'),
  newDuplicationStrategy?: string(name='NewDuplicationStrategy', description='The new conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
  userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
}

model UpdateUserProvisioningResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='F6F90F3D-4502-5877-B80B-97476F6AE2CC'),
  userProvisioning?: {
    createTime?: string(name='CreateTime', description='The creation time.', example='2022-11-28T03:55:42Z'),
    deletionStrategy?: string(name='DeletionStrategy', description='The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:

*   Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.
*   Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', example='Delete'),
    description?: string(name='Description', description='The description for the RAM user provisioning.', example='This is a user provisioning.'),
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
    duplicationStrategy?: string(name='DuplicationStrategy', description='The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:

*   KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.
*   TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', example='KeepBoth'),
    ownerPk?: string(name='OwnerPk', description='The ID of the Alibaba Cloud account to which the resource directory belongs.', example='164987310*****'),
    principalId?: string(name='PrincipalId', description='The identity ID of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*\\\\*).', example='g-02ha881d*****'),
    principalName?: string(name='PrincipalName', description='The identity name of the RAM user provisioning. Valid values:

*   If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.
*   If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', example='testUserName'),
    principalType?: string(name='PrincipalType', description='The identity type of the RAM user provisioning. Valid values:

*   User: indicates that the identity of the RAM user provisioning is a CloudSSO user.
*   Group: indicates that the identity of the RAM user provisioning is a CloudSSO user group.', example='User'),
    status?: string(name='Status', description='The status of the RAM user provisioning. Valid values:

*   Enabled
*   Disabled', example='Enabled'),
    targetId?: string(name='TargetId', description='The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the account in the resource directory.', example='u-02ha881d*****'),
    targetName?: string(name='TargetName', description='The name of the object for which you create the RAM user provisioning. The value is fixed as the name of the resource directory.', example='testMemberName'),
    targetPath?: string(name='TargetPath', description='The path of the resource directory in which you create the RAM user provisioning for the object.'),
    targetType?: string(name='TargetType', description='The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', example='RD-Account'),
    updateTime?: string(name='UpdateTime', description='The modification time.', example='2022-11-28T03:55:42Z'),
    userProvisioningId?: string(name='UserProvisioningId', description='The ID of the RAM user provisioning.', example='up-002axzhapcbz6e63****'),
  }(name='UserProvisioning', description='The information about the RAM user provisioning.'),
}

model UpdateUserProvisioningResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserProvisioningResponseBody(name='body'),
}

/**
 * @summary Modifies a Resource Access Management (RAM) user provisioning.
 *
 * @param request UpdateUserProvisioningRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserProvisioningResponse
 */
async function updateUserProvisioningWithOptions(request: UpdateUserProvisioningRequest, runtime: Util.RuntimeOptions): UpdateUserProvisioningResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.newDeletionStrategy)) {
    query['NewDeletionStrategy'] = request.newDeletionStrategy;
  }
  if (!Util.isUnset(request.newDescription)) {
    query['NewDescription'] = request.newDescription;
  }
  if (!Util.isUnset(request.newDuplicationStrategy)) {
    query['NewDuplicationStrategy'] = request.newDuplicationStrategy;
  }
  if (!Util.isUnset(request.userProvisioningId)) {
    query['UserProvisioningId'] = request.userProvisioningId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateUserProvisioning',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies a Resource Access Management (RAM) user provisioning.
 *
 * @param request UpdateUserProvisioningRequest
 * @return UpdateUserProvisioningResponse
 */
async function updateUserProvisioning(request: UpdateUserProvisioningRequest): UpdateUserProvisioningResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateUserProvisioningWithOptions(request, runtime);
}

model UpdateUserProvisioningConfigurationRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
  newDefaultLandingPage?: string(name='NewDefaultLandingPage', description='The new default URL for a CloudSSO user who logs on to the Alibaba Cloud Management Console.

Default value: https://homenew.console.aliyun.com.', example='https://home.console.aliyun.com/home/dashboard/ProductAndService'),
  newSessionDuration?: int32(name='NewSessionDuration', description='The new duration of the logon session.

Unit: hours.

Valid values: 1 to 24.

Default value: 6.', example='6'),
}

model UpdateUserProvisioningConfigurationResponseBody = {
  requestId?: string(name='RequestId', description='The request ID.', example='BBC2ED1D-FAC5-3DF8-B63C-992B85B08DD9'),
  userProvisioningConfiguration?: {
    createTime?: string(name='CreateTime', description='The creation time.', example='2022-11-28T03:55:42Z'),
    defaultLandingPage?: string(name='DefaultLandingPage', description='The default URL for a CloudSSO user who logs on to the Alibaba Cloud Management Console.

Default value: https://homenew.console.aliyun.com.', example='https://homenew.console.aliyun.com'),
    directoryId?: string(name='DirectoryId', description='The ID of the resource directory.', example='d-003qew84****'),
    sessionDuration?: int32(name='SessionDuration', description='The duration of the logon session.

Unit: hours.

Valid values: 1 to 24.

Default value: 6.', example='6'),
    updateTime?: string(name='UpdateTime', description='The modification time.', example='2022-11-28T03:55:42Z'),
  }(name='UserProvisioningConfiguration', description='The global configurations of the RAM user provisioning.'),
}

model UpdateUserProvisioningConfigurationResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserProvisioningConfigurationResponseBody(name='body'),
}

/**
 * @summary Modifies the global configurations of a Resource Access Management (RAM) user provisioning.
 *
 * @param request UpdateUserProvisioningConfigurationRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserProvisioningConfigurationResponse
 */
async function updateUserProvisioningConfigurationWithOptions(request: UpdateUserProvisioningConfigurationRequest, runtime: Util.RuntimeOptions): UpdateUserProvisioningConfigurationResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.newDefaultLandingPage)) {
    query['NewDefaultLandingPage'] = request.newDefaultLandingPage;
  }
  if (!Util.isUnset(request.newSessionDuration)) {
    query['NewSessionDuration'] = request.newSessionDuration;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateUserProvisioningConfiguration',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Modifies the global configurations of a Resource Access Management (RAM) user provisioning.
 *
 * @param request UpdateUserProvisioningConfigurationRequest
 * @return UpdateUserProvisioningConfigurationResponse
 */
async function updateUserProvisioningConfiguration(request: UpdateUserProvisioningConfigurationRequest): UpdateUserProvisioningConfigurationResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateUserProvisioningConfigurationWithOptions(request, runtime);
}

model UpdateUserStatusRequest {
  directoryId?: string(name='DirectoryId', description='The ID of the directory.', example='d-00fc2p61****'),
  newStatus?: string(name='NewStatus', description='The new status of the user. Valid values:

*   Enabled: The logon of the user is enabled.
*   Disabled: The logon of the user is disabled.', example='Disabled'),
  userId?: string(name='UserId', description='The ID of the user.', example='u-00q8wbq42wiltcrk****'),
}

model UpdateUserStatusResponseBody = {
  requestId?: string(name='RequestId', description='The ID of the request.', example='EE598602-AC67-56EF-B7CC-2927C30AA0A8'),
}

model UpdateUserStatusResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: UpdateUserStatusResponseBody(name='body'),
}

/**
 * @summary Changes the status of a user.
 *
 * @description This topic provides an example on how to change the status of the user whose ID is `u-00q8wbq42wiltcrk****` to Disabled. Users in the Disabled state cannot log on to the CloudSSO user portal.
 *
 * @param request UpdateUserStatusRequest
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserStatusResponse
 */
async function updateUserStatusWithOptions(request: UpdateUserStatusRequest, runtime: Util.RuntimeOptions): UpdateUserStatusResponse {
  Util.validateModel(request);
  var query = {};
  if (!Util.isUnset(request.directoryId)) {
    query['DirectoryId'] = request.directoryId;
  }
  if (!Util.isUnset(request.newStatus)) {
    query['NewStatus'] = request.newStatus;
  }
  if (!Util.isUnset(request.userId)) {
    query['UserId'] = request.userId;
  }
  var req = new OpenApi.OpenApiRequest{ 
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApi.Params{
    action = 'UpdateUserStatus',
    version = '2021-05-15',
    protocol = 'HTTPS',
    pathname = '/',
    method = 'POST',
    authType = 'AK',
    style = 'RPC',
    reqBodyType = 'formData',
    bodyType = 'json',
  };
  return callApi(params, req, runtime);
}

/**
 * @summary Changes the status of a user.
 *
 * @description This topic provides an example on how to change the status of the user whose ID is `u-00q8wbq42wiltcrk****` to Disabled. Users in the Disabled state cannot log on to the CloudSSO user portal.
 *
 * @param request UpdateUserStatusRequest
 * @return UpdateUserStatusResponse
 */
async function updateUserStatus(request: UpdateUserStatusRequest): UpdateUserStatusResponse {
  var runtime = new Util.RuntimeOptions{};
  return updateUserStatusWithOptions(request, runtime);
}

